[cod] forget about IW2 and get back to work :)

Robert Mount rmount at gmail.com
Mon Oct 19 21:43:06 EDT 2009


http://aluigi.org/patches/cod2vawo.lpatch

On Mon, Oct 19, 2009 at 6:13 PM, pet <games at maxrate.pl> wrote:
> So :) I have some little problem, which is probably well known:
>
> ERROR: Attempted to overrun string in call to va()
>
> yep, somebody has messed up on my cod 2 1.0 server
>
>
>
> "va() is a function of the Quake 3 engine used to quickly build strings
> using snprintf and a static destination buffer.
> Read more on: i3D.net Game Forums
> http://forum.i3d.net/call-duty-series-newsletter/48158-cod-cod-ww-1024-bytes-command-exploit.html
> If the generated string is longer than the available buffer the server
> shows an "Attempted to overrun string in call to va()" error and
> terminates.
> From Call of Duty 2 (and consequently) the size of this buffer has
> been reduced from the original 32000 bytes to only 1024 causing many
> problems to the admins.
>
> So in CoD5 an attacker which has joined the server can exploit this
> vulnerability through the sending of a command longer than 1024 bytes
> causing the immediate termination of the server."
>
> I tried it, and it works. If you send this command to the server, it will
> crash:
>
> cmd aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
> aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaa
>
>
> so
>
> any solution ?
>
>
> any help will be appreciated.
>
>
>
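
An added example, not part of the original thread and not the linked patch or the engine's own code: a C model of the va() behaviour the quoted advisory describes, with a length check applied before formatting so that an oversized client command is dropped instead of terminating the process. The names `va_model`, `client_cmd_fits`, `handle_client_cmd` and the `"clientCommand: "` prefix are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUFSIZE 1024 /* va() buffer size quoted above for CoD2 and later */

/* Model of va(): format into a static buffer. Returns NULL at the point
 * where the server prints "Attempted to overrun string in call to va()"
 * and terminates. */
static const char *va_model(const char *fmt, ...)
{
    static char buf[VA_BUFSIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= sizeof buf) ? NULL : buf;
}

/* Hypothetical guard: does cmd plus `overhead` bytes of surrounding
 * format text still fit in the va() buffer, terminator included? */
static int client_cmd_fits(const char *cmd, size_t overhead)
{
    return strlen(cmd) + overhead < VA_BUFSIZE;
}

/* Returns 1 = formatted, 0 = dropped by the guard, -1 = fatal overrun. */
static int handle_client_cmd(const char *cmd, int guarded)
{
    static const char prefix[] = "clientCommand: "; /* assumed wrapper text */

    if (guarded && !client_cmd_fits(cmd, sizeof prefix - 1))
        return 0; /* reject this one command, keep the server running */
    return va_model("%s%s", prefix, cmd) ? 1 : -1;
}

int main(void)
{
    char big[2000]; /* constructed oversized command */

    memset(big, 'a', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("unguarded: %d, guarded: %d\n",
           handle_client_cmd(big, 0), handle_client_cmd(big, 1));
    return 0;
}
```

The guard counts the bytes the format string adds around the command, so the limit on the command itself is lower than 1024.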

