Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
 Post subject: cod2 server crash!!
PostPosted: 23 Jan 2011 00:37 

Joined: 21 Jul 2010 22:27
Posts: 10
hello all...

i was playing on a cod2 server and then someone came and said: warning this server will be crashed now. then the server crashed and gave me this msg: server disconnected - attempted to overrun string in call to va()


i want to know what he did to crash the server...how he crashed it???!!

then i want to know how to protect the server from that bug!!

thanks in advance


 Post subject: Re: cod2 server crash!!
PostPosted: 23 Jan 2011 12:06 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
fix:
http://aluigi.org/patches/cod2vawo.lpatch

how it was done:
I guess one of the following:
http://aluigi.org/adv/codmsgboom-adv.txt
http://aluigi.org/adv/codmapbof-adv.txt
http://aluigi.org/adv/cod4vamap-adv.txt


 Post subject: Re: cod2 server crash!!
PostPosted: 24 Jan 2011 12:51 

Joined: 21 Jul 2010 22:27
Posts: 10
it's cod2 1.0! and i tried all the reasons on the same server and none crashed the server.

but i didn't try this:

Code:
A] "Attempted to overrun string in call to va()" DoS
----------------------------------------------------

va() is a function of the Quake 3 engine used to quickly build strings
using snprintf and a static destination buffer.
If the generated string is longer than the available buffer the server
shows an "Attempted to overrun string in call to va()" error and
terminates.
From Call of Duty 2 (and consequently CoD4) the size of this buffer has
been reduced from the original 32000 bytes to only 1024 causing many
problems to the admins, for which reason I created an unofficial fix
for CoD2 in the far 2006 (http://aluigi.org/patches/cod2vawo.lpatch).

So in CoD4 an attacker which has joined the server can exploit this
vulnerability through the sending of a command longer than 1024 bytes
causing the immediate termination of the server.

UPDATE 07 Jul 2010:
It's NOT needed to join the server for exploiting this bug, indeed it's
enough to send a getchallenge packet with a long hash:

  yyyygetchallenge 0 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...1025...aaa

Only the LAN server aren't affected by this way because they don't
read that part of the packet.


any help ??!
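
The failure condition described in the quoted advisory, next to a truncating alternative, as an added example that is not part of any post in this thread and is not the cod2vawo patch. `va_would_overrun`, `va_safe` and the 1025-byte test field are hypothetical names and constructed input; the 1024-byte buffer size is the one the advisory states.

```c
/* Added example, not engine code: a va()-style helper with a 1024-byte buffer. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define VA_BUF_SIZE 1024 /* size the advisory gives for CoD2/CoD4 */

/* 1 if the formatted string would not fit: the condition on which the
 * engine raises "Attempted to overrun string in call to va()" and exits. */
int va_would_overrun(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(NULL, 0, fmt, ap); /* C99: length only, no write */
    va_end(ap);
    return need < 0 || need >= VA_BUF_SIZE;
}

/* Hypothetical hardened variant: truncate and report, never terminate. */
const char *va_safe(int *truncated, const char *fmt, ...)
{
    static char buf[VA_BUF_SIZE];
    va_list ap;
    va_start(ap, fmt);
    int need = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (need < 0)
        buf[0] = '\0'; /* encoding error: return an empty string */
    if (truncated)
        *truncated = (need < 0 || need >= (int)sizeof buf);
    return buf;
}

int main(void)
{
    char field[1026]; /* constructed input: 1025 'a' bytes plus NUL */
    memset(field, 'a', 1025);
    field[1025] = '\0';

    int cut = 0;
    const char *out = va_safe(&cut, "%s", field);
    printf("would overrun: %d\n", va_would_overrun("%s", field));
    printf("truncated: %d, kept %zu bytes\n", cut, strlen(out));
    return 0;
}
```

A caller that sees `truncated` set can log and drop the request, so remote input length never decides whether the process keeps running.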


 Post subject: Re: cod2 server crash!!
PostPosted: 24 Jan 2011 15:10 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
my fix is for cod2 1.3; if you have an older version it's up to you to do the reversing job and manually create a patch compatible with that version


 Post subject: Re: cod2 server crash!!
PostPosted: 24 Jan 2011 18:28 

Joined: 21 Jul 2010 22:27
Posts: 10
i don't want the fix!! i want to know how he crashed the server. it's in 1.0 and i tried all your ways and they didn't work on the same server!!


 Post subject: Re: cod2 server crash!!
PostPosted: 02 Feb 2011 15:14 

Joined: 21 Jul 2010 22:27
Posts: 10
BUMP

