|
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 12:26
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 4 posts ] |
|
Author |
Message |
SomaFM
|
Post subject: Battlefield 2 1.50 voip failed assertion Posted: 30 Jun 2010 05:41 |
|
Joined: 16 Aug 2007 06:25 Posts: 367
|
I tried testing this on multiple servers with VOIP enabled, but wasn't able to reproduce a crash.
I assume the clients talk directly to the VOIP server/port because when I did a packet scan while talking on these servers, I saw traffic being sent to a different port. Often times it was different (but close to) the port you mentioned, though it had to be VOIP traffic.
When I ran UDPSZ (udpsz -b 0x68 SERVER PORT 1) replacing the server and port accordingly, I wasn't able to reproduce this on any servers. They were all running 1.5.3153-802.0.
Thoughts on this? Are there any restrictions/requirements for the client besides a simple udp packet to the correct server/port?
|
|
Top |
|
|
|
|
|
|
|
aluigi
|
Post subject: Re: Battlefield 2 1.50 voip failed assertion Posted: 30 Jun 2010 10:34 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
as written in the advisory the huge limitation of this bug is the fact that the port 55124 is bound on the interface needed to reach the voip server so by default it's 127.0.0.1 making the bug almost impossible to exploit.
for doing the test you need to run the server locally and then launching udps using 127.0.0.1 as server. if you set VoipServerRemoteIP to 1.2.3.4 then you can reach the 55124 port also from internet but I guess this particular setup is used by one or probably just no servers because a very rare event
|
|
Top |
|
|
SomaFM
|
Post subject: Re: Battlefield 2 1.50 voip failed assertion Posted: 01 Jul 2010 04:27 |
|
Joined: 16 Aug 2007 06:25 Posts: 367
|
Thanks for the info. I really enjoy the BF2 stuff you release :) I'm betting theres even more problems yet to be released.
|
|
Top |
|
|
aluigi
|
Post subject: Re: Battlefield 2 1.50 voip failed assertion Posted: 01 Jul 2010 08:51 |
|
Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org
|
I'm sure there are other things but the problem is the protocol that is too boring and chaotic to test. anyway I found very interesting the directory traversal bug, it affects only the client but was a good finding moreover because didn't require boring technical analysis :)
|
|
Top |
|
|
|
Page 1 of 1
|
[ 4 posts ] |
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum
|
|