[mohaa] Security flaw in Q3 engine?

Christian Titulaer titulaer at 4players.de
Sat Jan 18 09:44:42 EST 2003


Ok...

facts are, that this problem can be very serious... but... hey...
I remember some news-posts of various ages (from 1 to 3 years!)
where exactly this case was described!

Not that I'm not interested in a fix (we're currently running >
400 servers, and most of them are vulnerable, except Global Ops,
which uses TCP instead of UDP :)), but... this so-called "bug" is
an error in a software-design which is used for a "long" time now
(in gaming time, of course, this protocol could be named the
methusalem of internet gaming) - this protocol was designed long
before (ok, not that long, but still before) the first DDoSes or
DoSes came around, no one thought of that possibility (ok,
someone did, but these people where totally unrelated to the
gaming industry, and the gaming industry does not care for any
network admins :)), and these discussions were held by a small
number of people...

And this flaw would not have been noticed if a small company,
which needed some kind of advertisement in my opinion, have made
an advisory of that!

And... finally... do you think, that ID in example will make a
patch for quakeworld to fix this? This "bug" will remain in most
of the affected games, except the ones where the developers are
still working on it (mohaa, bf42, ut2003, here I'm sure Ryan will
incorporate these fixes as they hit the community ;)

So everybody calm down, get something to drink and relax :)

Regards
  Christian

-- 
http://www.4netplayers.de - http://www.4players.de



More information about the Mohaa mailing list