Sorry, but this problem was reported a month ago. You got logfiles too... Topic was "Server Crash Exploit Part 2" by hondaman.
Aha, a way to reproduce the problem! Just what we needed, I will pass this on to the team :)
- Alfred
----Original Message---- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of The Fool Sent: Tuesday, February 08, 2005 7:49 AM To: [email protected] Subject: Re: [hlds_linux] Remote exploit causes Linux server to crash! Valve, please read
Funny. Am i right if i say that the server tries to disconnect a non-existing user? I mean he connects, disconnects fast, server catches he's banned, server triesd to disconnect, but, the user is already disconnected == application error?
Or... it's just not so easy? :)
> Starting a new thread, this really needs to be addressed by Valve. > > > Its a known bug amongst us who run the servers, but Alfred wont > > fix it until someone can duplicate it. If a person is banned, > > the server can be crashed at will by these kids by repeated > > rejoin attempts. > > You were absolutely right. I discovered from log parsing that the > same person from IP 63.197.68.40 (STEAM_0:0:6023457) has been > crashing my server every day for a month since he was banned. > However, I think the problem is worse than a DoS -- he is able to > do it in one fast connect/disconnect attempt from the look of my > logs. It's definitely him though, because every time the server > gets a segmentation fault, it is him who join/parted immediately > before. > > My guess is that the join flooding is a red herring -- the script > does that until the exploit works, but isn't the cause of the crash > itself. > > This needs to be addressed ASAP by Valve. I am very concerned that > this may have the possibility to be exploited as remote code > execution if it is a buffer overflow from malformed packets. What > do I need to do to prove this is a critical exploit in server code > to Valve? Would packet captures from his IP help? This loser has > been doing this *every* day for a month! He is now blocked from > the firewall, but this is a reactionary defense. This bug NEEDS to > be fixed. > > > > L 02/06/2005 - 00:28:23: "{ D-MOB } kiLLAZ<355><STEAM_ID_PENDING><>" > connected, address "63.197.68.40:27005" > LLAZ] [STEAM_ID_PENDING] > L 02/06/2005 - 00:28:24: "{ D-MOB } kiLLAZ<355><STEAM_ID_PENDING><>" > disconnected (reason "Disconnect by user.") Dropped { D-MOB } > kiLLAZ from server Reason: Disconnect by user. > /home/cjones/local/steam/srcds_run: line 423: 16168 Segmentation > fault $HL_CMD > > > > -- > Chris > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux >
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
