Luigi Auriemma - aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:56
Author: aluigi
Post subject: Medal of Honor Airborne 1.3 server freeze
Posted: 11 Feb 2010 22:26
Joined: 13 Aug 2007 21:44 | Posts: 4068 | Location: http://aluigi.org

this bug is very simple and at the same time important enough, indeed I guess I should track it on my website as usual but at the moment I'm tired and no longer interested in security.

the MOHA dedicated server (version 0.1236/0.1240 aka 1.3) has a service called "Remote Administration" running by default on port 13500. this service is not very well written and this can be easily guessed when a connection is made to that port and the cpu goes to 100%... even without sending data (only in version 1.1 was it necessary to send at least one byte to see this effect). or for example it's enough to send 8 'A's to spawn the messagebox "wxSocket: invalid signature in ReadMsg".

anyway the real problem is another: if the server receives 2 connections at the same time and no data is sent it will freeze completely with cpu at 100% forever, even after the connections are dropped.

this same effect is visible also if the attacker makes one "empty" connection and while he is connected the real admin connected before him through dsremote.exe sends one command.

testing example:
> tcpfp SERVER 13500
(interrupt it after the 2nd "connect")
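Added example, not part of aluigi's post: a detection sketch for server operators that scans connection records for the two conditions described above (two empty connections open at once, or an empty connection open during an admin session on port 13500). The record layout, field names and sample rows are assumptions constructed for illustration; feed it from whatever flow log or connection poller you have.

```python
from collections import namedtuple

ADMIN_PORT = 13500  # "Remote Administration" port named in the post

# One record per TCP connection seen by the server host (assumed layout):
# source address, destination port, open/close time in seconds, and the
# number of payload bytes the client sent.
Conn = namedtuple("Conn", "src port start end client_bytes")

def freeze_candidates(conns, port=ADMIN_PORT):
    """Return (idle, other) pairs where a zero-byte connection to `port`
    was open at the same time as any other connection to that port."""
    ordered = sorted((c for c in conns if c.port == port),
                     key=lambda c: c.start)
    hits = []
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            if b.start >= a.end:
                break  # sorted by start: nothing later overlaps a
            if a.client_bytes == 0:
                hits.append((a, b))      # covers "two empty connections"
            elif b.client_bytes == 0:
                hits.append((b, a))      # empty connection during a session
    return hits

# Constructed sample records (documentation address ranges).
SAMPLE = [
    Conn("10.0.0.5",    13500, 100.0, 160.0, 412),  # admin session, sends data
    Conn("203.0.113.7", 13500, 120.0, 125.0, 0),    # empty, overlaps admin
    Conn("198.51.100.2", 8080, 110.0, 130.0, 0),    # other port: ignored
    Conn("203.0.113.7", 13500, 300.0, 302.0, 0),    # two empty connections
    Conn("203.0.113.9", 13500, 301.0, 303.0, 0),    #   open at the same time
    Conn("10.0.0.5",    13500, 500.0, 510.0, 96),   # admin alone: not flagged
]

if __name__ == "__main__":
    for idle, other in freeze_candidates(SAMPLE):
        print(f"ALERT t={idle.start:.0f}s: empty connection from {idle.src} "
              f"overlaps connection from {other.src} "
              f"({other.client_bytes} bytes sent)")
```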