All the more reason this should be fixed by the COD5 dev team. I'm sure I recall some mails about this or a similar issue ages ago. <br><br><br><br><div class="gmail_quote">On Sat, Jan 24, 2009 at 10:42 PM, MikeTNT <span dir="ltr"><<a href="mailto:MikeTNT@gmx.de">MikeTNT@gmx.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div bgcolor="#ffffff">
<div><font size="2" face="Arial">Thank you so much that you send such information in
a non puplic mailing list like <a href="http://icculus.org" target="_blank">icculus.org</a></font></div>
<div><font size="2" face="Arial">Now all admins over the world can be sure that
nobody will copy your string and try it out. :-(</font></div>
<div><font size="2" face="Arial"></font> </div>
<div><font size="2" face="Arial"></font> </div>
<blockquote dir="ltr" style="border-left: 2px solid rgb(0, 0, 0); padding-right: 0px; padding-left: 5px; margin-left: 5px; margin-right: 0px;"><div class="Ih2E3d">
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">----- Original Message ----- </div>
<div style="background: rgb(228, 228, 228) none repeat scroll 0% 0%; -moz-background-clip: -moz-initial; -moz-background-origin: -moz-initial; -moz-background-inline-policy: -moz-initial; font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;">
<b>From:</b>
<a title="jumping.cod@gmail.com" href="mailto:jumping.cod@gmail.com" target="_blank">Jumping
Jack Flash</a> </div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>To:</b> <a title="cod@icculus.org" href="mailto:cod@icculus.org" target="_blank">cod@icculus.org</a> </div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>Sent:</b> Saturday, January 24, 2009 9:53
PM</div>
<div style="font-family: arial; font-style: normal; font-variant: normal; font-weight: normal; font-size: 10pt; line-height: normal; font-size-adjust: none; font-stretch: normal;"><b>Subject:</b> [cod] Cod WW: 1024 bytes Command
Exploit</div>
<div><font size="2" face="Arial"></font><font size="2" face="Arial"></font><font size="2" face="Arial"></font><br></div>Hi guys, every day my cod5 server fall down
cause this error: <span style="font-size: 16px; white-space: pre;">Attempted to overrun string in call
to va()</span>
<div><span style="font-size: 16px; white-space: pre;"><font size="2" face="Arial"></font><font size="2" face="Arial"></font><font size="2" face="Arial"></font><br></span></div>
<div><span style="white-space: pre;"><span style="font-size: small;">I've found some information
about it:</span></span></div>
</div><div><span style="font-size: 16px; white-space: pre;"><span style="font-family: 'times new roman'; white-space: normal;"><div class="Ih2E3d"><pre><span style="font-size: small;"><span style="font-style: italic;">"va() is a function of the Quake 3 engine used to quickly build strings
using snprintf and a static destination buffer.
If the generated string is longer than the available buffer the server
shows an "Attempted to overrun string in call to va()" error and
terminates.
>From Call of Duty 2 (and consequently) the size of this buffer has
been reduced from the original 32000 bytes to only 1024 causing many
problems to the admins.</span></span></pre></div><pre><span style="font-family: 'times new roman'; white-space: normal;"><div class="Ih2E3d"><pre><span style="font-size: small;"><span style="font-style: italic;">So in CoD5 an attacker which has joined the server can exploit this
vulnerability through the sending of a command longer than 1024 bytes
causing the immediate termination of the server."</span></span></pre><pre><span style="font-size: 12px;">I try it, and it works. I you send this command to the server, it will crash:<span style="font-style: italic;"></span></span></pre>
</div><pre><span style="font-size: 12px;"><span style="font-style: italic;">cmd I'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsI'mwithstupidsv</span></span></pre>
<div class="Ih2E3d"><pre><span style="font-size: 12px;"><span style="font-style: italic;"></span></span>
</pre><pre><span style="font-size: 12px;">I test it in differents servers, in someones worked, in other didn't... Anybody knows a solution for this exploit?</span></pre><pre><span style="font-size: 12px;">Thank, and sorry my english :P</span></pre>
<pre><span style="font-size: 12px;">JuMp!nG</span></pre><pre><span style="font-size: 12px;"><br></span></pre></div></span></pre></span></span></div></blockquote></div>
</blockquote></div><br>