[cod] Cod WW: 1024 bytes Command Exploit

|T-OC|Morpheus|:. morpheus at clantoc.org
Sun Jan 25 05:51:27 EST 2009


I don't consider it normal that a bug existing since the beginning of 
the cod series is not definitely addressed yet. How the hell is it possible?

escapedturkey wrote:
> True, that is a problem. On the other hand if the exploit is so bad it 
> takes down servers, the developer will be more encouraged to address 
> it. Tough call.
>
> MikeTNT wrote:
>> Thank you so much that you send such information in a non public 
>> mailing list like icculus.org
>> Now all admins over the world can be sure that nobody will copy your 
>> string and try it out. :-(
>>  
>>  
>>
>>     ----- Original Message -----
>>     *From:* Jumping Jack Flash <mailto:jumping.cod at gmail.com>
>>     *To:* cod at icculus.org <mailto:cod at icculus.org>
>>     *Sent:* Saturday, January 24, 2009 9:53 PM
>>     *Subject:* [cod] Cod WW: 1024 bytes Command Exploit
>>
>>     Hi guys, every day my cod5 server falls down because of this
>>     error: Attempted to overrun string in call to va()
>>
>>     I've found some information about it:
>>
>>     "va() is a function of the Quake 3 engine used to quickly build strings
>>     using snprintf and a static destination buffer.
>>     If the generated string is longer than the available buffer the server
>>     shows an "Attempted to overrun string in call to va()" error and
>>     terminates.
>>     From Call of Duty 2 (and consequently) the size of this buffer has
>>     been reduced from the original 32000 bytes to only 1024 causing many
>>     problems to the admins.
>>
>>     So in CoD5 an attacker which has joined the server can exploit this
>>     vulnerability through the sending of a command longer than 1024 bytes
>>     causing the immediate termination of the server."
>>
>>     I tried it, and it works. If you send this command to the server, it will crash:
>>
>>
>>     cmd 
>> I'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsv 
>>
>>
>>
>>     I tested it on different servers; on some it worked, on others it 
>>     didn't... Does anybody know a solution for this exploit?
>>
>>     Thanks, and sorry for my English :P
>>
>>
>>     JuMp!nG
>>
>>
>
>
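The failure mode the quoted advisory describes, as an added example that is not part of the original thread and not engine source: a va()-style formatter with a fixed 1024-byte static buffer, shown with a handler that lets client input reach it unchecked beside one that drops oversized input first. The names va_model, handle_unguarded and handle_guarded and the "cmd %s" format are assumptions for illustration; the model returns a status where the real server would terminate.

```c
/* Added example: model of a va()-style formatter, not engine source. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUF_SIZE 1024            /* buffer size named in the quoted advisory */
enum cmd_result { CMD_OK, CMD_DROPPED, CMD_FATAL };

/* Formats into a static buffer; reports an overrun instead of exiting,
   where the real server prints the va() error and terminates. */
static const char *va_model(int *overrun, const char *fmt, ...)
{
    static char buf[VA_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    *overrun = (n < 0 || (size_t)n >= sizeof buf);
    return buf;
}

/* Unguarded: client-controlled length decides whether the fatal path runs. */
static enum cmd_result handle_unguarded(const char *client_cmd)
{
    int overrun;
    va_model(&overrun, "cmd %s", client_cmd);
    return overrun ? CMD_FATAL : CMD_OK;
}

/* Guarded: oversized input is dropped before it reaches the formatter. */
static enum cmd_result handle_guarded(const char *client_cmd)
{
    int overrun;
    if (strlen(client_cmd) + strlen("cmd ") >= VA_BUF_SIZE)
        return CMD_DROPPED;
    va_model(&overrun, "cmd %s", client_cmd);
    return overrun ? CMD_FATAL : CMD_OK;
}

int main(void)
{
    char big[2001];                 /* constructed sample input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("unguarded=%d guarded=%d short=%d\n", handle_unguarded(big),
           handle_guarded(big), handle_guarded("status"));
    return 0;
}
```

The guarded handler turns a process-ending condition into a dropped message, so a single connected client can no longer decide whether the fatal path runs.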


