[cod] help

Bong-Master bong-master at thesilverdagger.co.uk
Mon Jan 25 06:03:21 EST 2010


My computer-illiterate wife said 1.3 will fix this.

--------------------------------------------------
From: "pet" <games at maxrate.pl>
Sent: Monday, January 25, 2010 10:53 AM
To: "Call of Duty server admin list." <cod at icculus.org>
Subject: [cod] help

> Hi all members
>
> I have problems with crazy hackers who hack my servers all the time. I 
> mean Call of Duty 2 1.0. I know that you will say, change to 1.3, but 
> this is not the solution. A couple of times a day somebody hacks my server and 
> it's shut down, after that I see in console "ERROR: Attempted to overrun 
> string in call to va()".  How can I secure my server against these suckers 
> who have nothing better to do with their empty brains? Please help.
>
> Pet
>
>
> "va() is a function of the Quake 3 engine used to quickly build strings
> using snprintf and a static destination buffer.
> Read more on: i3D.net Game Forums
> http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html
> If the generated string is longer than the available buffer the server
> shows an "Attempted to overrun string in call to va()" error and
> terminates.
> From Call of Duty 2 (and consequently) the size of this buffer has
> been reduced from the original 32000 bytes to only 1024 causing many
> problems to the admins.
>
> So in CoD5 an attacker which has joined the server can exploit this
> vulnerability through the sending of a command longer than 1024 bytes
> causing the immediate termination of the server."
>
> I tried it, and it works. If you send this command to the server, it will 
> crash:
>
>
>
> so
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod 
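
The failure mode in the quoted advisory (an over-long formatted string becoming a fatal server error) and one way to contain it, shown as an added example that is not part of the original thread and not the game's own code. `va_checked` and `handle_client_command` are hypothetical names; the 1024-byte buffer size is the figure the advisory gives.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUFSIZE 1024  /* size the quoted advisory gives for CoD2 and later */

/* Hypothetical stand-in for the engine's va(): formats into a static buffer.
 * Returns NULL when the result would not fit, instead of raising a fatal
 * error, so the caller decides what happens to the oversized input. */
static const char *va_checked(const char *fmt, ...)
{
    static char buf[VA_BUFSIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);  /* n = length needed, sans NUL */
    va_end(ap);

    if (n < 0 || (size_t)n >= sizeof buf)
        return NULL;  /* the case that ends in "Attempted to overrun string" */
    return buf;
}

/* Hypothetical handler for a client-supplied command string.
 * Returns 1 if the command was accepted, 0 if it was dropped.
 * Either way the server process keeps running. */
static int handle_client_command(int client, const char *cmd)
{
    const char *line = va_checked("client %d: %s", client, cmd);
    if (line == NULL) {
        fprintf(stderr, "dropped oversized command from client %d (%zu bytes)\n",
                client, strlen(cmd));
        return 0;
    }
    /* the normal command dispatch would consume `line` here */
    return 1;
}

int main(void)
{
    char big[2000];                 /* constructed oversized input */
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("short command accepted: %d\n", handle_client_command(1, "say hello"));
    printf("long command accepted:  %d\n", handle_client_command(2, big));
    return 0;
}
```

The point for an admin is that the crash comes from treating a length error as fatal; logging the rejected command with its client id also gives a record of who is sending oversized input.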


