There is a solution. In some servers don't work. That is why we must find how to protect our servers, and this exploit is very old, from cod2... it's nothing new...<div><br><div class="gmail_quote">2009/1/24 Hannu Kumpeli <span dir="ltr"><<a href="mailto:hannu@shadowstyle.nl">hannu@shadowstyle.nl</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Thx for the info hope this will be fixed in the new patch.<br>
<div class="Ih2E3d"><br>
> Hi guys, every day my cod5 server fall down cause this error: Attempted to<br>
> overrun string in call to va()<br>
> I've found some information about it:<br>
><br>
> "va() is a function of the Quake 3 engine used to quickly build strings<br>
> using snprintf and a static destination buffer.<br>
> If the generated string is longer than the available buffer the server<br>
> shows an "Attempted to overrun string in call to va()" error and<br>
> terminates.<br>
> From Call of Duty 2 (and consequently) the size of this buffer has<br>
> been reduced from the original 32000 bytes to only 1024 causing many<br>
> problems to the admins.<br>
><br>
> So in CoD5 an attacker which has joined the server can exploit this<br>
> vulnerability through the sending of a command longer than 1024 bytes<br>
> causing the immediate termination of the server."<br>
><br>
> I try it, and it works. I you send this command to the server, it will crash:<br>
><br>
</div>> cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa> aaaa<br>
<div class="Ih2E3d">><br>
> I test it in differents servers, in someones worked, in other<br>
> didn't... Anybody knows a solution for this exploit?<br>
><br>
> Thank, and sorry my english :P<br>
><br>
> JuMp!nG<br>
<br>
<br>
</div>---<br>
To unsubscribe, send a blank email to <a href="mailto:cod-unsubscribe@icculus.org">cod-unsubscribe@icculus.org</a><br>
Mailing list archives: <a href="http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?38" target="_blank">http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?38</a><br>
<br>
<br>
</blockquote></div><br></div>