[mohaa] Latest mohaa_lnxded binaries - bufferoverflow not fixed?
The Guvnor
guvnor at evildictators.com
Tue Aug 10 09:02:26 EDT 2004
I've just received acknowledgement from EA that they are now aware of this
problem and are looking into it. here is their response:
<SNIP>
Hi Kim,
Many thanks for your email, I have passed this on to our teams and am
awaiting a response from them, I should have some more infomation at some
point tomorrow.
I'll keep you informed.
Best Regards,
Matt
EA Support Centre, UK and Eire
www.uk.ea.com
www.ie.ea.com
</SNIP>
At 09:19 10/08/2004 +0100, you wrote:
>I think ryan mentioned this before and said that it would be very
>difficult to do due to the way that cd-key authentication works.
>
>i.e. a person has to connect to validate a key.
>
>I could be way off but i seem to recall that.
>
>Richard.
>
>The Guvnor <guvnor at evildictators.com> wrote:
>Ive found out how people do this, and so far, there is nothing that can
>stop this.
>
>Ryan, I will email you the dos program they used to do this so you can look
>at how to patch the current binaries against this.
>
>ps. please make it 64bit compatible.
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>Kim
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>++++++++++++++++++++++++++++++++++++++++++
>Hi ryan et all,
>
>im a little confused as to how the latest mohaa binaries fix the buffer
>overflow problem. Players are still able to occupy the server slots with
>fake names using the same ip all in the same minute. Look at the below:
>
>8th aug 04
>21:18:14 Iamafake/81.156.111.91 has logged on to play
>21:18:14 fakeplayer/81.156.111.91 has logged on to play
>21:20:40 Iamafake/81.156.111.91 has logged on to play
>21:20:40 fakeplayer/81.156.111.91 has logged on to play
>21:20:41 cantseeme/81.156.111.91 has logged on to play
>
>9th aug 04
>16:01:47 Iamafake/81.156.165.154 has logged on to play
>16:01:48 fakeplayer/81.156.165.154 has logged on to play
>16:01:48 cantseeme/81.156.165.154 has logged on to play
>16:01:49 dontkickme/81.156.165.154 has logged on to play
>16:01:49 Iamhere/81.156.165.154 has logged on to play
>16:01:49 wearealot/81.156.165.154 has logged on to play
>16:01:50 kickme/81.156.165.154 has logged on to play
>16:01:57 fake/81.156.165.154 has logged on to play
>16:01:57 whoamI/81.156.165.154 has logged on to play
>16:01:58 whatamI/81.156.165.154 has logged on to play
>16:01:59 whatImustdo/81.156.165.154 has logged on to play
>16:02:00 Ihate/81.156.165.154 has logged on to play
>16:02:00 whoIhate/81.156.165.154 has logged on to play
>16:02:01 whatIhate/81.156.165.154 has logged on to play
>16:02:01 whyIhate/81.156.165.154 has logged on to play
>16:03:54 isthisaPoC/81.156.165.154 has logged on to play
>
>Is the latest binaries supposed to be able to 'stop' the problem or just
>'limit it' somehow? Whatever it is, the latest binaries dont seem to be
>stopping the problem, some servers have only have 12 players maximum and it
>takes just one goofball to take it out. The posted CI logs above are for a
>server that has the latest mohaa linux binaries.
>
>
>
>Kim
>
>
>
>This message has been processed by
><http://www.firetrust.com/products/benign/>Firetrust Benign.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://icculus.org/pipermail/mohaa/attachments/20040810/652c1c58/attachment.htm>
More information about the Mohaa
mailing list