[cod] help
pet
games at maxrate.pl
Mon Jan 25 05:53:34 EST 2010
Hi all members
I have problems with crazy hackers which hacks my servers all the time.
I mean call of duty 2 1.0. I know that You will say, change into 1.3,
but this is not the solution. Couple times a day somebody hacks my
server and its shutdown, after that I see in console "ERROR: Attempted
to overrun string in call to va()". How can I secure my server against
this suckers which have nothing better to do with theirs empty brains.
Please help.
Pet
"va() is a function of the Quake 3 engine used to quickly build strings
using snprintf and a static destination buffer.
Read more on: : i3D.net Game Forums
http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html
If the generated string is longer than the available buffer the server
shows an "Attempted to overrun string in call to va()" error and
terminates.
From Call of Duty 2 (and consequently) the size of this buffer has
been reduced from the original 32000 bytes to only 1024 causing many
problems to the admins.
So in CoD5 an attacker which has joined the server can exploit this
vulnerability through the sending of a command longer than 1024 bytes
causing the immediate termination of the server."
I try it, and it works. I you send this command to the server, it will
crash:
cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaa
so
More information about the cod
mailing list