[cod] Cod WW: 1024 bytes Command Exploit

escapedturkey escapedturkey at escapedturkey.com
Sat Jan 24 21:44:30 EST 2009


True, that is a problem. On the other hand, if the exploit is so bad it 
takes down servers, the developer will be more encouraged to address it. 
Tough call.

MikeTNT wrote:
> Thank you so much that you send such information in a non-public mailing 
> list like icculus.org
> Now all admins over the world can be sure that nobody will copy your 
> string and try it out. :-(
>  
>  
> 
>     ----- Original Message -----
>     *From:* Jumping Jack Flash <mailto:jumping.cod at gmail.com>
>     *To:* cod at icculus.org <mailto:cod at icculus.org>
>     *Sent:* Saturday, January 24, 2009 9:53 PM
>     *Subject:* [cod] Cod WW: 1024 bytes Command Exploit
> 
>     Hi guys, every day my cod5 server falls down because of this
>     error: Attempted to overrun string in call to va()
> 
>     I've found some information about it:
> 
>     "va() is a function of the Quake 3 engine used to quickly build strings
>     using snprintf and a static destination buffer.
>     If the generated string is longer than the available buffer the server
>     shows an "Attempted to overrun string in call to va()" error and
>     terminates.
>     From Call of Duty 2 (and consequently) the size of this buffer has
>     been reduced from the original 32000 bytes to only 1024 causing many
>     problems to the admins.
> 
>     So in CoD5 an attacker which has joined the server can exploit this
>     vulnerability through the sending of a command longer than 1024 bytes
>     causing the immediate termination of the server."
> 
>     I tried it, and it works. If you send this command to the server, it will crash:
> 
> 
>     cmd I'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsv
> 
> 
>     I tested it on different servers; on some it worked, on others it didn't... Does anybody know a solution for this exploit?
>
>     Thanks, and sorry for my English :P
> 
> 
>     JuMp!nG
> 
> 
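
A defensive sketch of the failure mode described in the quoted text, added here as an example; it is not part of the original messages and not the game's own code. The names `va_checked` and `handle_client_command` and the `"cmd: "` prefix are assumptions. It shows a va()-style formatter with the 1024-byte buffer that reports overflow to its caller, so an oversized client command is dropped instead of terminating the server.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUF_SIZE 1024  /* size the quoted text gives for CoD2 and later */

/* Hypothetical va()-style formatter: on overflow it clears the buffer and
 * returns -1 so the caller can drop the input, instead of raising a fatal
 * "Attempted to overrun string" error that stops the whole process. */
static int va_checked(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dst_size, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return n;
}

/* Hypothetical per-client command handler. Returns the formatted length,
 * or -1 if the command was dropped; the server keeps running either way. */
int handle_client_command(const char *data, size_t len)
{
    static char line[VA_BUF_SIZE];

    /* Layer 1: reject oversized input at the network boundary. */
    if (len >= VA_BUF_SIZE)
        return -1;
    /* Layer 2: the prefix can still push the result past the buffer,
     * so the formatter's own bound check must also be non-fatal. */
    return va_checked(line, sizeof line, "cmd: %.*s", (int)len, data);
}

int main(void)
{
    char input[2048];                       /* constructed sample input */
    memset(input, 'A', sizeof input);
    printf("100 bytes  -> %d\n", handle_client_command(input, 100));
    printf("1020 bytes -> %d\n", handle_client_command(input, 1020));
    printf("2048 bytes -> %d\n", handle_client_command(input, 2048));
    return 0;
}
```

The 1020-byte case passes the first length check but is still rejected, because the added prefix pushes the formatted result past the buffer; this is why the formatter's own check has to fail per request, not per process.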


