[cod] help

Tyson twisted at twistedgamingservice.com
Mon Jan 25 20:45:46 EST 2010 

If you weren't supporting warez clients you wouldn't have this issue.



-----Original Message-----
From: pet [mailto:games at maxrate.pl] 
Sent: Monday, January 25, 2010 4:14 AM
To: Call of Duty server admin list.
Subject: Re: [cod] help

thank You very much :)

W dniu 2010-01-25 12:07, River Hosting - Info pisze:
> All you need is right here
> http://www.fpsadmin.com/forum/showthread.php?t=11777.
>
> Met vriendelijke groet,
> With kind regards,
>
> Julian Maartens
> River Hosting
>
> info at riverhosting.nl
> http://www.riverhosting.nl
>
> -----Oorspronkelijk bericht-----
> Van: Bong-Master [mailto:bong-master at thesilverdagger.co.uk]
> Verzonden: maandag 25 januari 2010 12:03
> Aan: Call of Duty server admin list.
> Onderwerp: Re: [cod] help
>
> My computer illiterate wife said 1.3 will fix this.
>
> --------------------------------------------------
> From: "pet"<games at maxrate.pl>
> Sent: Monday, January 25, 2010 10:53 AM
> To: "Call of Duty server admin list."<cod at icculus.org>
> Subject: [cod] help
>
>    
>> Hi all members
>>
>> I have problems with crazy hackers which hacks my servers all the time. I
>> mean call of duty 2 1.0. I know that You will say, change into 1.3, but
>> this is not the solution. Couple times a day somebody hacks my server and
>> its shutdown, after that I see in console "ERROR: Attempted to overrun
>> string in call to va()".  How can I secure my server against this suckers
>> which have nothing better to do with theirs empty brains. Please help.
>>
>> Pet
>>
>>
>> "va() is a function of the Quake 3 engine used to quickly build strings
>> using snprintf and a static destination buffer.
>> Read more on: : i3D.net Game Forums
>>
>>      
>
http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes
> -command-exploit.html
>    
>> If the generated string is longer than the available buffer the server
>> shows an "Attempted to overrun string in call to va()" error and
>> terminates.
>>  From Call of Duty 2 (and consequently) the size of this buffer has
>> been reduced from the original 32000 bytes to only 1024 causing many
>> problems to the admins.
>>
>> So in CoD5 an attacker which has joined the server can exploit this
>> vulnerability through the sending of a command longer than 1024 bytes
>> causing the immediate termination of the server."
>>
>> I try it, and it works. I you send this command to the server, it will
>> crash:
>>
>> cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>> aaaaaaaaaaaaaaaaaaaaaaaa
>>
>>
>> so
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>      
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
>
>    

_______________________________________________
cod mailing list
cod at icculus.org
http://icculus.org/mailman/listinfo/cod

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 9.0.730 / Virus Database: 271.1.1/2643 - Release Date: 01/24/10
12:33:00

More information about the cod mailing list