Luigi Auriemma

I was successful in adding your patch to our server, which has decreased the amounts of server crashes per day. However late last night around 2am, it was crashed from 20 down to 0.

Are there any other known server crash exploits in 1.7 besides the previous notice that was released?

Thank you,
TicTac

there is the map vote bug but it can be exploited only if the vote passes which means that the server is empty or almost all the people there have voted yes

Oh ok gotcha... hmm because this guy constantly is crashing our server to zero.. I wish I knew how he was doing it.

don't you have other details about this problem?
For example when the server crashes you should see the classical Windows dialog box with the informations of the registers, knowing their values could be useful.
And useful is also any other detail (a comment made by this person, a strange log, anything else).

Ya I know what you mean, but its normally crashed at odd hours.. meaning around 2-4am.. when I am asleep.. because I work 9-6 everyday.

I'll ask the other admins to see what is going on, most of the time they report however that the screen just goes black and says connection interrupted, and everybody gets kicked out.

cod4 is still vulnerable to the q3 dirtrav bug.
is required to set cl_wwwDownload to 0 as first thing and then test q3dirtrav as usual.
the only problem is that the file is deleted by the client just after having downloaded it (run filemon to verify it) and at the moment I still don't have ideas about how bypassing this limitation.
In fact the output filename is relative to the CoD4 installation folder so is not possible to use named pipes for dumping the written data

I have solved the problem, a quick simple fopen() program has avoided the deleting of the file so CoD4 is vulnerable.

EDIT: in attachment there is the small tool for avoiding the deleting of the file.
If (for example) in q3dirtrav has been chosed the name tmp.txt as output file it's enough to verify that in the CoD4 folder the tmp.txt file does NOT exist, then set cl_wwwdownload to 0, launch forfopen specifying the tmp.txt file (or the full path if forfopen.exe is not in the CoD4 folder) and test q3dirtrav as usual.
forfopen will show a new message when the file has been created by CoD4 and will avoid its deleting because it's currently in use.

I'm curious to know why IW has not fixed this known old bug... mah

Hi, i am new, hmm, this forpopen how to work, the normal q3servercfgdownloader, when i download one server.cfg, i dont see in the cod4 folder. why, pls help?