[cod] 1.5x exploit ( was COD crash log ( regular ) )

BludGeonT[EUG] bludgeont at gmail.com
Tue Dec 21 13:02:05 EST 2004 

Interesting, have you scowered your logs to find this command?   I
wonder if there would be a way to set up some sort of alias to that
command to run something else, or to +setu on a variable (to have a
setting take place on a clients machine forced by the server) with the
same name as the server variable for this exploit, so that when a
client issues it, it spews out something else like a keyword that no
one would type on accident.  This keyword might be a PB ban filter for
say bad words and it would be cool that when the action is done, it
instead does like a say "Im-a-POS-hacker" to the server, and then PB
detects this as a ban'able word and kicks them.  I dont know for sure,
just brainstorming.

Of course a proper fix would be preferred, but there has to be
something that can be done to temporarily prevent this.  The command
that is being run by the clients would be most helpful to know.

(shrug)

BludGeonT[EUG]


On Tue, 21 Dec 2004 16:06:42 -0000, Steven Hartland
<killing at multiplay.co.uk> wrote:
> Can we not hijack topics and start a new one.
> If you have the details for this exploit mail:
> Ryan C. Gordon <icculus at clutteredmind.org>
> Privately with the details so we can get it fixed.
> 
>    Steve / K
> ----- Original Message -----
> From: "Atomic Hund" <atomic_hund at inetworkus.com>
> 
> For those unaware this patch comes with a nice big fat exploit for server killing. Through console a user not spectator can enter
> a particular command that will essentially kill the server. It makes the server look for resources and when it can't find them it
> restarts. The clients are dumped and server restarts. This affects both new patches. If the console cvar is locked out and the
> command is bound they can still do it as well as still beat the PB bind search. This may be why you suddenly have the crashes.
> Also an FYI is someone makes a threat to you that they will kill the server. We have had it happen on a few of ours already.
> 
> ================================================
> This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it.
> 
> In the event of misdirection, illegible or incomplete transmission please telephone (023) 8024 3137
> or return the E.mail to postmaster at multiplay.co.uk.
> 
>

More information about the Cod mailing list