[cod] help

Charles Goldsmith wokka at justfamily.org
Tue Jan 26 12:24:10 EST 2010


Yeah, why dance around it?  Questions asked about unpatched servers
shouldn't be answered here, other than a go away.

Just note the name of the person asking the question, and also the
person who replied with the work-around.

Charles

On Mon, Jan 25, 2010 at 11:40 PM, Tyson
<twisted at twistedgamingservice.com> wrote:
> Tired of the beating around the bush every time someone like him asks a 1.0
> question.
>
> Is he the same one who came asking for 1.0 files and gave the argument that
> if he didn't do it to stay in biz then someone else would?
>
>
>
> -----Original Message-----
> From: escapedturkey [mailto:escapedturkey at escapedturkey.com]
> Sent: Monday, January 25, 2010 10:34 PM
> To: Call of Duty server admin list.
> Subject: Re: [cod] help
>
> Someone finally said it. :)
>
> Tyson wrote:
>> If you weren't supporting warez clients you wouldn't have this issue.
>>
>>
>>
>> -----Original Message-----
>> From: pet [mailto:games at maxrate.pl]
>> Sent: Monday, January 25, 2010 4:14 AM
>> To: Call of Duty server admin list.
>> Subject: Re: [cod] help
>>
>> thank You very much :)
>>
>> On 2010-01-25 12:07, River Hosting - Info wrote:
>>> All you need is right here
>>> http://www.fpsadmin.com/forum/showthread.php?t=11777.
>>>
>>> With kind regards,
>>>
>>> Julian Maartens
>>> River Hosting
>>>
>>> info at riverhosting.nl
>>> http://www.riverhosting.nl
>>>
>>> -----Original Message-----
>>> From: Bong-Master [mailto:bong-master at thesilverdagger.co.uk]
>>> Sent: Monday 25 January 2010 12:03
>>> To: Call of Duty server admin list.
>>> Subject: Re: [cod] help
>>>
>>> My computer illiterate wife said 1.3 will fix this.
>>>
>>> --------------------------------------------------
>>> From: "pet"<games at maxrate.pl>
>>> Sent: Monday, January 25, 2010 10:53 AM
>>> To: "Call of Duty server admin list."<cod at icculus.org>
>>> Subject: [cod] help
>>>
>>>
>>>> Hi all members
>>>>
>>>> I have problems with crazy hackers who hack my servers all the time.
>>>> I mean call of duty 2 1.0. I know that You will say, change into 1.3,
>>>> but this is not the solution. A couple of times a day somebody hacks my
>>>> server and it's shut down, after that I see in the console "ERROR:
>>>> Attempted to overrun string in call to va()".  How can I secure my
>>>> server against these suckers who have nothing better to do with their
>>>> empty brains. Please help.
>>>>
>>>> Pet
>>>>
>>>>
>>>> "va() is a function of the Quake 3 engine used to quickly build strings
>>>> using snprintf and a static destination buffer.
>>>> Read more on: i3D.net Game Forums
>>>> http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html
>>>>
>>>> If the generated string is longer than the available buffer the server
>>>> shows an "Attempted to overrun string in call to va()" error and
>>>> terminates.
>>>> From Call of Duty 2 (and consequently) the size of this buffer has
>>>> been reduced from the original 32000 bytes to only 1024 causing many
>>>> problems to the admins.
>>>>
>>>> So in CoD5 an attacker which has joined the server can exploit this
>>>> vulnerability through the sending of a command longer than 1024 bytes
>>>> causing the immediate termination of the server."
>>>>
>>>> I try it, and it works. If you send this command to the server, it will
>>>> crash:
>>>>
>>>>
>>>> so
>>>> _______________________________________________
>>>> cod mailing list
>>>> cod at icculus.org
>>>> http://icculus.org/mailman/listinfo/cod
>>>>
>
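
Added example, not part of the original thread and not engine code: a C model of the va() behaviour described in the quoted post (static 1024-byte buffer, fatal error on an overlong result), with an unchecked command handler beside one that bounds client input before formatting. The names va_model, handle_command_unchecked, handle_command_checked, fatal_errors and the "cmd: " prefix are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUFSIZE 1024   /* buffer size the quoted post gives for CoD2 and later */
static int fatal_errors;  /* stands in for the server's print-error-and-terminate path */

/* Model of va(): format into a static buffer; an overlong result is fatal. */
static const char *va_model(const char *fmt, ...)
{
    static char buf[VA_BUFSIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof buf) {
        fatal_errors++;   /* a real server would shut down here */
        return NULL;
    }
    return buf;
}

/* Before: client-controlled text reaches va_model() with no length check. */
static int handle_command_unchecked(const char *client_text)
{
    return va_model("cmd: %s", client_text) != NULL;
}

/* After: reject oversized input first, so the fatal path cannot be reached from here. */
static int handle_command_checked(const char *client_text)
{
    size_t max_len = VA_BUFSIZE - sizeof "cmd: ";  /* prefix plus terminating NUL */
    if (strlen(client_text) > max_len)
        return 0;         /* drop this one command, keep the server running */
    return va_model("cmd: %s", client_text) != NULL;
}

int main(void)
{
    char big[2000];       /* constructed oversized input */
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    int unchecked_ok = handle_command_unchecked(big);
    int checked_ok = handle_command_checked(big);
    printf("unchecked ok=%d checked ok=%d fatal=%d\n", unchecked_ok, checked_ok, fatal_errors);
    return 0;
}
```

The point of the checked handler is that an overlong client command costs the sender one dropped command instead of costing every player the server.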

