[mohaa] Latest mohaa_lnxded binaries - bufferoverflow not fixed?

The Guvnor guvnor at evildictators.com
Tue Aug 10 09:00:28 EDT 2004


It was easy to do. I downloaded this and no cd key was needed. There were 
no servers which could stop it.

I'll give it about 2 weeks before this program becomes widespread and all 
UK MoH servers get attacked on a daily basis unless something is done.

I've submitted some information to EA and I'm going to follow up with a 
phone call later. I suspect that if the MoH franchise is of any value to 
them, they will release a new patch for Allied Assault, Spearhead and 
Breakthrough. All of which are affected by this exploit which has NOT been 
patched and CANNOT be patched due to its complexity and the need for EA's 
cooperation in developing a patch for this. Otherwise it's MoH down the 
pan........ and we can all go back to playing solitaire.....



Kim

At 09:19 10/08/2004 +0100, you wrote:
>I think Ryan mentioned this before and said that it would be very 
>difficult to do due to the way that cd-key authentication works.
>
>i.e. a person has to connect to validate a key.
>
>I could be way off but I seem to recall that.
>
>Richard.
>
>The Guvnor <guvnor at evildictators.com> wrote:
>I've found out how people do this, and so far, there is nothing that can
>stop this.
>
>Ryan, I will email you the dos program they used to do this so you can look
>at how to patch the current binaries against this.
>
>ps. please make it 64bit compatible.
>
>Kim
>
>++++++++++++++++++++++++++++++++++++++++++
>Hi Ryan et al.,
>
>I'm a little confused as to how the latest mohaa binaries fix the buffer
>overflow problem. Players are still able to occupy the server slots with
>fake names using the same IP all in the same minute. Look at the below:
>
>8th aug 04
>21:18:14 Iamafake/81.156.111.91 has logged on to play
>21:18:14 fakeplayer/81.156.111.91 has logged on to play
>21:20:40 Iamafake/81.156.111.91 has logged on to play
>21:20:40 fakeplayer/81.156.111.91 has logged on to play
>21:20:41 cantseeme/81.156.111.91 has logged on to play
>
>9th aug 04
>16:01:47 Iamafake/81.156.165.154 has logged on to play
>16:01:48 fakeplayer/81.156.165.154 has logged on to play
>16:01:48 cantseeme/81.156.165.154 has logged on to play
>16:01:49 dontkickme/81.156.165.154 has logged on to play
>16:01:49 Iamhere/81.156.165.154 has logged on to play
>16:01:49 wearealot/81.156.165.154 has logged on to play
>16:01:50 kickme/81.156.165.154 has logged on to play
>16:01:57 fake/81.156.165.154 has logged on to play
>16:01:57 whoamI/81.156.165.154 has logged on to play
>16:01:58 whatamI/81.156.165.154 has logged on to play
>16:01:59 whatImustdo/81.156.165.154 has logged on to play
>16:02:00 Ihate/81.156.165.154 has logged on to play
>16:02:00 whoIhate/81.156.165.154 has logged on to play
>16:02:01 whatIhate/81.156.165.154 has logged on to play
>16:02:01 whyIhate/81.156.165.154 has logged on to play
>16:03:54 isthisaPoC/81.156.165.154 has logged on to play
>
>Are the latest binaries supposed to be able to 'stop' the problem or just
>'limit it' somehow? Whatever it is, the latest binaries don't seem to be
>stopping the problem, some servers only have 12 players maximum and it
>takes just one goofball to take it out. The posted CI logs above are for a
>server that has the latest mohaa linux binaries.
>
>
>
>Kim
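
A detection sketch for the pattern in the quoted log excerpt (many logins from one IP within seconds), added here as an example and not part of the original messages or of the server binaries. The line format is taken from the excerpt; the function name, the thresholds and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Line format as it appears in the log excerpt quoted in the thread.
LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) (.+)/(\d{1,3}(?:\.\d{1,3}){3}) has logged on to play$")

def find_login_bursts(lines, max_logins=3, window_seconds=10):
    """Return {ip: sorted names} for IPs with more than max_logins
    logins inside any window_seconds span (thresholds are assumptions)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> (time, name) entries still in window
    flagged = defaultdict(set)
    day_offset, last = timedelta(0), None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # date headers and unrelated lines
        stamp, name, ip = m.groups()
        t = datetime.strptime(stamp, "%H:%M:%S") + day_offset
        if last is not None and t < last:
            # Entries carry no date: a backwards jump means a new day.
            day_offset += timedelta(days=1)
            t += timedelta(days=1)
        last = t
        q = recent[ip]
        q.append((t, name))
        while t - q[0][0] > window:
            q.popleft()           # drop logins older than the window
        if len(q) > max_logins:
            flagged[ip].update(n for _, n in q)
    return {ip: sorted(names) for ip, names in flagged.items()}

# Constructed sample lines (documentation-range addresses, not real data).
SAMPLE = """\
12:00:01 alice/198.51.100.7 has logged on to play
12:00:02 bot1/203.0.113.9 has logged on to play
12:00:02 bot2/203.0.113.9 has logged on to play
12:00:03 bot3/203.0.113.9 has logged on to play
12:00:04 bot4/203.0.113.9 has logged on to play
12:05:30 bob/198.51.100.7 has logged on to play
""".splitlines()

if __name__ == "__main__":
    for ip, names in find_login_bursts(SAMPLE).items():
        print(f"{ip}: {len(names)} logins in burst: {', '.join(names)}")
```

Players behind a shared NAT address can log on close together, so the threshold should sit above the largest legitimate group expected from one IP.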