[cod] help

escapedturkey escapedturkey at escapedturkey.com
Tue Jan 26 00:33:38 EST 2010


Someone finally said it. :)

Tyson wrote:
> If you weren't supporting warez clients you wouldn't have this issue.
> 
> 
> 
> -----Original Message-----
> From: pet [mailto:games at maxrate.pl] 
> Sent: Monday, January 25, 2010 4:14 AM
> To: Call of Duty server admin list.
> Subject: Re: [cod] help
> 
> thank You very much :)
> 
> W dniu 2010-01-25 12:07, River Hosting - Info pisze:
>> All you need is right here
>> http://www.fpsadmin.com/forum/showthread.php?t=11777.
>>
>> Met vriendelijke groet,
>> With kind regards,
>>
>> Julian Maartens
>> River Hosting
>>
>> info at riverhosting.nl
>> http://www.riverhosting.nl
>>
>> -----Oorspronkelijk bericht-----
>> Van: Bong-Master [mailto:bong-master at thesilverdagger.co.uk]
>> Verzonden: maandag 25 januari 2010 12:03
>> Aan: Call of Duty server admin list.
>> Onderwerp: Re: [cod] help
>>
>> My computer illiterate wife said 1.3 will fix this.
>>
>> --------------------------------------------------
>> From: "pet"<games at maxrate.pl>
>> Sent: Monday, January 25, 2010 10:53 AM
>> To: "Call of Duty server admin list."<cod at icculus.org>
>> Subject: [cod] help
>>
>>    
>>> Hi all members
>>>
>>> I have problems with crazy hackers which hacks my servers all the time. I
>>> mean call of duty 2 1.0. I know that You will say, change into 1.3, but
>>> this is not the solution. Couple times a day somebody hacks my server and
>>> its shutdown, after that I see in console "ERROR: Attempted to overrun
>>> string in call to va()".  How can I secure my server against this suckers
>>> which have nothing better to do with theirs empty brains. Please help.
>>>
>>> Pet
>>>
>>>
>>> "va() is a function of the Quake 3 engine used to quickly build strings
>>> using snprintf and a static destination buffer.
>>> Read more on: : i3D.net Game Forums
>>>
>>>      
> http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes
>> -command-exploit.html
>>    
>>> If the generated string is longer than the available buffer the server
>>> shows an "Attempted to overrun string in call to va()" error and
>>> terminates.
>>>  From Call of Duty 2 (and consequently) the size of this buffer has
>>> been reduced from the original 32000 bytes to only 1024 causing many
>>> problems to the admins.
>>>
>>> So in CoD5 an attacker which has joined the server can exploit this
>>> vulnerability through the sending of a command longer than 1024 bytes
>>> causing the immediate termination of the server."
>>>
>>> I try it, and it works. I you send this command to the server, it will
>>> crash:
>>>
>>> cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>>> aaaaaaaaaaaaaaaaaaaaaaaa
>>>
>>>
>>> so
>>> _______________________________________________
>>> cod mailing list
>>> cod at icculus.org
>>> http://icculus.org/mailman/listinfo/cod
>>>      
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
>> _______________________________________________
>> cod mailing list
>> cod at icculus.org
>> http://icculus.org/mailman/listinfo/cod
>>
>>    
> 
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
> 
> No virus found in this incoming message.
> Checked by AVG - www.avg.com 
> Version: 9.0.730 / Virus Database: 271.1.1/2643 - Release Date: 01/24/10
> 12:33:00
> 
> _______________________________________________
> cod mailing list
> cod at icculus.org
> http://icculus.org/mailman/listinfo/cod
> 


More information about the cod mailing list