Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:27

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
 Post subject: Questions over Com_PushEvent
Posted: 16 Jul 2010 18:58

Joined: 16 Jul 2010 18:43
Posts: 10
Jedi Academy is vulnerable to Com_PushEvent overflows; are there other such games vulnerable to this?
This exploit isn't exactly detrimental to a server; it can possibly kick players by causing many lag spikes in a short amount of time, and it prevents server-issued commands (direct and remote). It can be annoying at most. I am curious if others are aware of this and know of a known fix for it.

I can post my proof of concept if required.


 Post subject: Re: Questions over Com_PushEvent
Posted: 17 Jul 2010 09:40

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
In the ChangeLog file of the Q3 1.32 source code there is a note from 2000 stating:
"TODO: WARNING: Com_PushEvent overflow"
So being a "todo" means they did nothing or similar. Anyway, it refers to a warning shown when the game receives more than 1024 events, but it's not clear if it's a client or server thing.

Try to post your code; maybe the source can be ported to other games to see the effects of the problem on them.


 Post subject: Re: Questions over Com_PushEvent
Posted: 17 Jul 2010 20:33

Joined: 16 Jul 2010 18:43
Posts: 10
I had the opportunity to test it on Call of Duty and it didn't work. However, further testing of my program uncovered a bigger problem that needs to be fixed. When run, it knocks the server's internet offline, and then the attacker's. But it only does this to Jedi servers, it seems. So I'll fix that before I get ready to release the source code.

[Edit] I'd like to add that my proof of concept does not require the attacker to actually be inside of a game, nor does it require an install. Here is a video of what the server would see while running the exploit (with the internet knock-out bug intact).
http://www.youtube.com/watch?v=vTo6Z4WT5D8
Ignore the oopsies, I was using public internet when I recorded it.


Last edited by noa on 17 Jul 2010 20:54, edited 1 time in total.

 Post subject: Re: Questions over Com_PushEvent
Posted: 17 Jul 2010 20:39

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Uhmmm, I don't understand.
If the server crashes, what do you want to fix in your tool?
It's a bug in the game server.


 Post subject: Re: Questions over Com_PushEvent
Posted: 17 Jul 2010 20:56

Joined: 16 Jul 2010 18:43
Posts: 10
I apologize for insinuating that the server crashes. It does not.
A bug in my tool actually kills the internet of the attacker and the internet of the server. It only did this while running the tool on a Jedi server though and I want to fix this issue inside of my tool before releasing the source code to it.

