On the wild guess here that you want to keep it 1.0.<div><br></div><div>Can you do a layer 7 firewall rule?<br><br><div class="gmail_quote">On Mon, Oct 19, 2009 at 9:43 PM, Robert Mount <span dir="ltr">&lt;<a href="mailto:rmount@gmail.com">rmount@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><a href="http://aluigi.org/patches/cod2vawo.lpatch" target="_blank">http://aluigi.org/patches/cod2vawo.lpatch</a><br>
<div><div></div><div class="h5"><br>
On Mon, Oct 19, 2009 at 6:13 PM, pet &lt;<a href="mailto:games@maxrate.pl">games@maxrate.pl</a>&gt; wrote:<br>
> So :) I have some little problem, which is probably well known:<br>
><br>
> ERROR: Attempted to overrun string in call to va()<br>
><br>
> yep, somebody has messed up on my cod 2 1.0 server<br>
><br>
><br>
><br>
> "va() is a function of the Quake 3 engine used to quickly build strings<br>
> using snprintf and a static destination buffer.<br>
> Read more on: i3D.net Game Forums<br>
> <a href="http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html" target="_blank">http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html</a><br>
> If the generated string is longer than the available buffer the server<br>
> shows an "Attempted to overrun string in call to va()" error and<br>
> terminates.<br>
> From Call of Duty 2 (and consequently) the size of this buffer has<br>
> been reduced from the original 32000 bytes to only 1024 causing many<br>
> problems to the admins.<br>
><br>
> So in CoD5 an attacker which has joined the server can exploit this<br>
> vulnerability through the sending of a command longer than 1024 bytes<br>
> causing the immediate termination of the server."<br>
><br>
> I tried it, and it works. If you send this command to the server, it will<br>
> crash:<br>
><br>
><br>
><br>
> so<br>
><br>
> any solution ?<br>
><br>
><br>
> any help will be appreciated.<br>
><br>
><br>
> _______________________________________________<br>
> cod mailing list<br>
> <a href="mailto:cod@icculus.org">cod@icculus.org</a><br>
> <a href="http://icculus.org/mailman/listinfo/cod" target="_blank">http://icculus.org/mailman/listinfo/cod</a><br>
><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Josh Luthman<br><br>A patch in time saves kill -9<br>-<a href="http://www.tuxmaniac.com">http://www.tuxmaniac.com</a><br>
</div>
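The failure mode quoted in the thread is a va()-style formatter that ends the server process when its result does not fit the 1024-byte static buffer. As an added example (not code from the thread, the linked patch, or the game engine), here is a formatter that reports truncation to its caller so that only the offending command is dropped; `va_checked`, `handle_client_command` and the status enum are hypothetical names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUFSZ 1024   /* buffer size the quoted text gives for CoD2 and later */

enum va_status { VA_OK, VA_TRUNCATED, VA_ERROR };

/* Format into a static buffer like va(), but report an oversize result to
 * the caller instead of treating it as a fatal, process-ending error. */
static const char *va_checked(enum va_status *st, const char *fmt, ...)
{
    static char buf[VA_BUFSZ];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);   /* always NUL-terminates buf */
    va_end(ap);

    /* vsnprintf returns the length the full string would have needed. */
    *st = n < 0 ? VA_ERROR : (size_t)n >= sizeof buf ? VA_TRUNCATED : VA_OK;
    return buf;
}

/* Hypothetical per-client handler: an oversize command costs that one
 * request, not the whole server. Returns 1 if handled, 0 if rejected. */
static int handle_client_command(const char *cmd, char *out, size_t outsz)
{
    enum va_status st;
    const char *msg = va_checked(&st, "client command: %s", cmd);

    if (st != VA_OK)
        return 0;                  /* drop this command, keep serving */
    snprintf(out, outsz, "%s", msg);
    return 1;
}

int main(void)
{
    char out[VA_BUFSZ], big[2 * VA_BUFSZ];     /* constructed sample input */
    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", handle_client_command("status", out, sizeof out));
    printf("oversize: %d\n", handle_client_command(big, out, sizeof out));
    return 0;
}
```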