[mohaa] MOHAA linux server with potential exploit fix.

Mohaa Admin (vandrosthagen.net) mohaa at vandrosthagen.net
Thu Jul 22 12:03:40 EDT 2004 

Ryan,

A little update, the code is not ok, after placing the nu binary i get the
following error : couldn't exec server.cfg

Here is my startup

/games/mohaa/spearhead_lnxded +set dedicated 2 +set net_IP 217.19.28.175
+set net_port 12203 +set developer 2 +set chat 1 +set sv_chatter 1 +set
cheats 0 +set logfile 2 +set ui_console 1 +set fs_outputpath
/games/mohaa/log +set logfilename qconsole.log +exec server.cfg


Here is my complete logging

--------------------------------------------------------------------------

--- Common Initialization ---
Medal of Honor Allied Assault 1.11 linux-i386 Jul 22 2004
Cvar_Set2: fs_outputpath /games/mohaa/log
----- FS_Startup -----
Current search path:
/games/mohaa/mohadmin/.mohaa/main
/games/mohaa/main
/games/mohaa/main/Pak7Nl.pk3 (102 files)
/games/mohaa/main/Pak5.pk3 (259 files)
/games/mohaa/main/Pak4.pk3 (593 files)
/games/mohaa/main/Pak3.pk3 (669 files)
/games/mohaa/main/Pak2.pk3 (4722 files)
/games/mohaa/main/Pak1.pk3 (772 files)
/games/mohaa/main/Pak0.pk3 (11175 files)

handle 1: qconsole.log
----------------------
18292 files in pk3 files
execing default.cfg
execing menu.cfg
Cvar_Set2: viewsize 100
Cvar_Set2: ui_crosshair 1
Cvar_Set2: cl_altbindings 0
Cvar_Set2: cl_ctrlbindings 0
Cvar_Set2: ui_voodoo 0
Cvar_Set2: ui_dmmap
Cvar_Set2: ui_gametype
Cvar_Set2: ui_gametypestring
Cvar_Set2: ui_maxclients 32
Cvar_Set2: ui_gamespy 1
Cvar_Set2: ui_fraglimit 0
Cvar_Set2: ui_timelimit 0
Cvar_Set2: ui_teamdamage 0
Cvar_Set2: ui_connectip 0.0.0.0
Cvar_Set2: ui_inactivespectate 60
Cvar_Set2: ui_inactivekick 900
Cvar_Set2: ui_maplist_ffa dm/mohdm1 dm/mohdm2 dm/mohdm3 dm/mohdm4 dm/mohdm5
dm/mohdm6 dm/mohdm7
Cvar_Set2: ui_maplist_team dm/mohdm1 dm/mohdm2 dm/mohdm3 dm/mohdm4 dm/mohdm5
dm/mohdm6 dm/mohdm7
Cvar_Set2: ui_maplist_round dm/mohdm1 dm/mohdm2 dm/mohdm3 dm/mohdm4
dm/mohdm5 dm/mohdm6 dm/mohdm7
Cvar_Set2: ui_maplist_obj obj/obj_team1 obj/obj_team2 obj/obj_team3
obj/obj_team4
Cvar_Set2: ui_hostname Nameless Battle
Cvar_Set2: detail 1
Cvar_Set2: g_skill 1
Cvar_Set2: g_subtitle 0
Cvar_Set2: ui_signshader
Cvar_Set2: ui_medalsign
Cvar_Set2: ui_voodoo 0
Cvar_Set2: g_medal0 0
Cvar_Set2: g_medal1 0
Cvar_Set2: g_medal2 0
Cvar_Set2: g_medal3 0
Cvar_Set2: g_medal4 0
Cvar_Set2: g_medal5 0
Cvar_Set2: g_eogmedal0 0
Cvar_Set2: g_eogmedal1 0
Cvar_Set2: g_eogmedal2 0
Cvar_Set2: g_m1l1 1
Cvar_Set2: g_m1l2 0
Cvar_Set2: g_m1l3 0
Cvar_Set2: g_m2l1 0
Cvar_Set2: g_m2l2 0
Cvar_Set2: g_m2l3 0
Cvar_Set2: g_m3l1 0
Cvar_Set2: g_m3l2 0
Cvar_Set2: g_m3l3 0
Cvar_Set2: g_m4l1 0
Cvar_Set2: g_m4l2 0
Cvar_Set2: g_m4l3 0
Cvar_Set2: g_m5l1 0
Cvar_Set2: g_m5l2 0
Cvar_Set2: g_m5l3 0
Cvar_Set2: g_m6l1 0
Cvar_Set2: g_m6l2 0
Cvar_Set2: g_m6l3 0
^~^~^ Can't find newconfig.cfg
couldn't exec newconfig.cfg
Cvar_Set2: config unnamedsoldier.cfg
Config: unnamedsoldier.cfg
^~^~^ Can't find configs/unnamedsoldier.cfg
couldn't exec configs/unnamedsoldier.cfg
^~^~^ Can't find localized.cfg
couldn't exec localized.cfg
execing autoexec.cfg
^~^~^ Can't find custom.cfg
couldn't exec custom.cfg
Cvar_Set2: g_voiceChat 0
Cvar_Set2: cl_playintro 1
Cvar_Set2: ui_skip_eamovie 0
Cvar_Set2: ui_skip_titlescreen 0
Cvar_Set2: ui_skip_legalscreen 0
Cvar_Set2: ui_titlescreen_fadein .5
Cvar_Set2: ui_titlescreen_fadeout .5
Cvar_Set2: ui_titlescreen_stay 3
Cvar_Set2: ui_legalscreen_fadein .5
Cvar_Set2: ui_legalscreen_fadeout .5
Cvar_Set2: ui_legalscreen_stay 3
Cvar_Set2: dedicated 2
Cvar_Set2: net_IP 217.19.28.175
Cvar_Set2: net_port 12203
Cvar_Set2: developer 2
Cvar_Set2: chat 1
Cvar_Set2: sv_chatter 1
Cvar_Set2: cheats 0
Cvar_Set2: logfile 2
Cvar_Set2: ui_console 1
Cvar_Set2: fs_outputpath /games/mohaa/log
Cvar_Set2: logfilename qconsole.log
Cvar_Set2: config unnamedsoldier.cfg
Cvar_Set2: viewlog 1
Cvar_Set2: arch linux i386
Cvar_Set2: username mohaa
Cvar_Set2: g_maxplayerhealth 750
Cvar_Set2: skill 1
You are now setup for medium mode.
Opening IP socket: 217.19.28.175:12203
Cvar_Set2: net_port 12203
Hostname: vandrosthagen.net
Alias: Firewall
Alias: localhost
IP: 127.0.0.1
--- Common Initialization Complete --- 806 ms
--- Localization: I see 0 localization files
--- Localization: reading file global/localization.txt
Loading Localization File global/localization.txt
Loaded 515 localization entries
Cvar_Set2: dedicated 2
Cvar_Set2: net_IP 217.19.28.175
Cvar_Set2: net_port 12203
Cvar_Set2: developer 2
Cvar_Set2: chat 1
Cvar_Set2: sv_chatter 1
Cvar_Set2: cheats 0
Cvar_Set2: logfile 2
Cvar_Set2: ui_console 1
Cvar_Set2: fs_outputpath /games/mohaa/log
Cvar_Set2: logfilename qconsole.log
^~^~^ Can't find server.cfg
couldn't exec server.cfg

----------------------------------------------------------------------------


Regards
Quint


----- Original Message ----- 
From: "Mohaa Admin (vandrosthagen.net)" <mohaa at vandrosthagen.net>
To: <mohaa at icculus.org>
Sent: Thursday, July 22, 2004 17:56
Subject: Re: [mohaa] MOHAA linux server with potential exploit fix.


> Ryan,
>
> Placed it on my server, and the bug is disapeared, i will keep my server a
> close look for a couple of days to see what happens. Thanks for the fast
> response.
>
> Oohh yeah if you want to test anything my server ip is : 217.19.28.175
>
> Regards
> Quint
>
> ----- Original Message ----- 
> From: "Ryan C. Gordon" <icculus at clutteredmind.org>
> To: <mohaa at icculus.org>
> Sent: Thursday, July 22, 2004 06:28
> Subject: [mohaa] MOHAA linux server with potential exploit fix.
>
>
> >
> > Ok, I looked into the MOHAA buffer overflow, and I _think_ that I have a
> >   fix. I say "think" because I'm screwing with this from a hotel room
> > over ssh and don't have a MOHAA client installed to test locally, or
> > even MOHAA installed remotely to make sure the server will even start
up.
> >
> > In short, please consider this to be an extremely unstable beta until
> > proven otherwise.
> >
> >     http://icculus.org/betas/mohaa/mohaa-lnxded-07222004.tar.bz2
> >
> > Download, unpack, replace mohaa_lnxded and fgameded.so in your server
> > installation.
> >
> > Please note that this build was built with gcc3, and will need an
> > external support library. Explanation of what to do if you get an error
> > about "libstdc++" or something instead of a running server is here:
> >
> >     https://bugzilla.icculus.org/show_bug.cgi?id=1801
> >
> > If someone can confirm that this build does indeed close the exploit and
> > doesn't generally suck, I'll do the same for Spearhead, too.
> >
> > Thanks,
> > --ryan.
> >
> >
> >
> >
>
>
>
>
>

More information about the Mohaa mailing list