Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:16

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 
Author Message
 Post subject: q3dirtrav
PostPosted: 29 Jun 2008 21:14 

Joined: 29 Jun 2008 21:11
Posts: 28
When I try to pull the server.cfg or q3key (or c:\* for that matter) i get kicked and:
"server disconnected - illegal download request"

i am on q3 1.32. Is this a punk buster thing or something else? I have mine disabled and the servers I join don't have punkbuster either.


Top
 Profile  
 
 
 Post subject:
PostPosted: 29 Jun 2008 22:29 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Version 1.32c of Quake 3 fixes the vulnerability (CVE-2006-2082), otherwise could be my q3dirtravfix patch applied on a vulnerable executable


Top
 Profile  
 
 Post subject:
PostPosted: 01 Jul 2008 01:35 

Joined: 29 Jun 2008 21:11
Posts: 28
aluigi wrote:
Version 1.32c of Quake 3 fixes the vulnerability (CVE-2006-2082), otherwise could be my q3dirtravfix patch applied on a vulnerable executable


well what version does it work good on? I CAN get other files from the server. I download a pak file and it went successfully. On 1.16 I get an error ( i get get it if you really want). the error occurs when I hilight the process (quake3.exe) and press the exploit button

too bad I'm not a coder but a network man or i'd be helping you


Top
 Profile  
 
 Post subject:
PostPosted: 01 Jul 2008 09:12 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
the q3dirtrav proof-of-concept is compatible with the latest versions of almost all the Q3 based games, older versions like 1.16 have small differences in the code or in the structures which make them incompatible.


Top
 Profile  
 
 Post subject:
PostPosted: 29 Jul 2008 19:37 

Joined: 29 Jun 2008 21:11
Posts: 28
aluigi wrote:
the q3dirtrav proof-of-concept is compatible with the latest versions of almost all the Q3 based games, older versions like 1.16 have small differences in the code or in the structures which make them incompatible.


would it be the compressed connection thing again that prevents 1.16 from working you think? I looked in your code for it but didn't see anything about that though.

The actual error I get after pressing exploit on the dirtrav program is:
"max_packet_usercmds"

its said twice in my q3 console then it(quake 3) freezes


Top
 Profile  
 
 Post subject:
PostPosted: 30 Jul 2008 09:18 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
if your client crashes means that 1.16 uses a different player's structure, while if doesn't download the file (must be verified with filemon running on the server) means that 1.16 is not vulnerable or requires a different proof-of-concept for testing the bug


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 6 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: