Not sure if that was mentioned already, but you can even crash the server with an authed RCON (= valid password) "flood" while the server is in a mapchange process. Those who use Munin SRCDS plugin might discovered that already. 9 RCON attempts due mapchange process can crash the server already.
So if you´d like to "reproduce" the flaw, at best just start an "rcon flood" and let the server change the map. Regards > well, maybe it's OS related, some time ago i also tried to reproduce > this exploit and succeded couple of time and also failed couple of > times, also servers with metamod plugin ware more vulnerable then those > ones without metamod, anyway all my servers ware crashed some time abo > (resolved it with iptables) > > box#1 gentoo linux > 3x css, 3x insurgency > > box#2 gentoo linux > 1x css, 1x insurgency > > box#3 gentoo linux > 8x css > > ics pisze: > >> I will share some of the information i have regarding this issue. I >> discussed this with Valve employee, Eric Smith about this a while ago >> privately on multiple emails back and forth about this and gave him the >> exploit and how to do it. I told him that we had several css and tf2 >> servers that went down if this exploit was done on them. The gameservers >> should ban the exploiters IP but instead, they go crashing down. I also >> talked someone who works with SourceMod because first i thought this was >> plugin related thing and he said they have been blamed for the exploit >> (that sourcemod was causing it) which is what i suspected first too, >> since i contacted him. I was sure that it was plugin related. Turns out >> i was wrong. >> >> Meanwhile, the Valve fellow contacted me back and told that he was not >> able to reproduce the issue. He also asked if i ran any plugins and i >> told him that i ran Sourcemod. After that, i tested our servers without >> any plugins too (which is what i should have done first anyways) but >> they still went down. Then the Sourcemod fellow set up a vanilla box and >> we managed to get it crash too. This sort of proved that it's really not >> any plugin related issue. I could not believe it at first and i was >> beginning to doubt myself so i set up a css and tf2 servers on my home >> test box and i was not able to make them crash either. At this point, >> Eric said there is something going on but he isn't sure what and this is >> the situation today too. No one seem to know what is exactly the cause >> or how to reproduce the crash. All we know is that some gameservers >> crash while the exploit is done on them but some servers do not. With or >> without plugins >> >> I suspect that some software under operation system makes the srcds >> vulnerable to this exploit or then there is a hidden flaw in srcds which >> activates only on certain os system setups. If you have any new >> information about this issue, i suggest you contact >> er...@valvesoftware.com off the list directly so no one gets any bright >> ideas. I temporarely managed to fix the issue on the box which had game >> servers vulnerable to this exploit. >> >> -ics >> >> Carl kirjoitti: >> >> >>> I have had this problem too, but I ended up just disabling the rcon port >>> with iptables and only using sm_rcon. It does, however, need to be fixed. >>> >>> Chris wrote: >>> >>> >>> >>>> This has been going on since at least Oct/Nov 2008. >>>> There was a lengthy discussion about this in Nov 2008, >>>> check the archives here for a topic called "RCON banpenalty killing >>>> servers!". >>>> >>>> This still occurs. (and, yes I know I can disable rcon, but why can't >>>> they fix it?) >>>> >>>> rcon from "208.5.202.6:18184": Bad Password >>>> rcon from "208.5.202.6:18184": Bad Password >>>> rcon from "208.5.202.6:18184": Bad Password >>>> rcon from "208.5.202.6:18184": Bad Password >>>> rcon from "208.5.202.6:18184": Bad Password >>>> ./srcds_run: line 344: 2719 Segmentation fault $HL_CMD >>>> >>>> linux CSS >>>> version : 1.0.0.34/7 3734 >>>> >>>> _______________________________________________ >>>> To unsubscribe, edit your list preferences, or view the list archives, >>>> please visit: >>>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>>> >>>> >>>> >>>> >>> _______________________________________________ >>> To unsubscribe, edit your list preferences, or view the list archives, >>> please visit: >>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >>> >>> >>> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux >> >> >> >> > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4230 (20090710) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com > > > > > -- Mailing List Conversations - mail...@ml86.de - Please don´t spam :) _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
