[cod] Cod WW: 1024 bytes Command Exploit
|T-OC|Morpheus|:.
morpheus at clantoc.org
Sun Jan 25 05:51:27 EST 2009
I don't consider it as normal that a bug existing since the beginning of
cod series is not definitely addressed yet. How the hell is it possible ?
escapedturkey a écrit :
> True, that is a problem. On the other hand if the exploit is so bad it
> takes down servers, the developer will be more encouraged to address
> it. Tough call.
>
> MikeTNT wrote:
>> Thank you so much that you send such information in a non puplic
>> mailing list like icculus.org
>> Now all admins over the world can be sure that nobody will copy your
>> string and try it out. :-(
>>
>>
>>
>> ----- Original Message -----
>> *From:* Jumping Jack Flash <mailto:jumping.cod at gmail.com>
>> *To:* cod at icculus.org <mailto:cod at icculus.org>
>> *Sent:* Saturday, January 24, 2009 9:53 PM
>> *Subject:* [cod] Cod WW: 1024 bytes Command Exploit
>>
>> Hi guys, every day my cod5 server fall down cause this
>> error: Attempted to overrun string in call to va()
>>
>> I've found some information about it:
>>
>> "va() is a function of the Quake 3 engine used to quickly build
>> strings
>> using snprintf and a static destination buffer.
>> If the generated string is longer than the available buffer the
>> server
>> shows an "Attempted to overrun string in call to va()" error and
>> terminates.
>> >From Call of Duty 2 (and consequently) the size of this buffer has
>> been reduced from the original 32000 bytes to only 1024 causing many
>> problems to the admins.
>>
>> So in CoD5 an attacker which has joined the server can exploit this
>> vulnerability through the sending of a command longer than 1024
>> bytes
>> causing the immediate termination of the server."
>>
>> I try it, and it works. I you send this command to the server, it
>> will crash:
>>
>>
>> cmd
>> I'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsv
>>
>>
>>
>> I test it in differents servers, in someones worked, in other
>> didn't... Anybody knows a solution for this exploit?
>>
>> Thank, and sorry my english :P
>>
>>
>> JuMp!nG
>>
>>
>
> ---
> To unsubscribe, send a blank email to cod-unsubscribe at icculus.org
> Mailing list archives: http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?38
>
>
More information about the Cod
mailing list