We have reproduced the problem internally and are working on a fix. - Alfred
----Original Message---- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alfred Reynolds Sent: Tuesday, February 08, 2005 1:35 PM To: [email protected] Subject: RE: [hlds_linux] Remote exploit causes Linux server to crash! Valve, please read > Aha, a way to reproduce the problem! Just what we needed, I will pass > this on to the team :) > > - Alfred > > ----Original Message---- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of The Fool > Sent: Tuesday, February 08, 2005 7:49 AM To: > [email protected] Subject: Re: [hlds_linux] Remote > exploit causes Linux server to crash! Valve, please read > > > Funny. Am i right if i say that the server tries to disconnect a > > non-existing user? I mean he connects, disconnects fast, server > > catches he's banned, server triesd to disconnect, but, the user is > > already disconnected == application error? > > > > Or... it's just not so easy? :) > > > > > > > Starting a new thread, this really needs to be addressed by Valve. > > > > > > > Its a known bug amongst us who run the servers, but Alfred wont > > > > fix it until someone can duplicate it. If a person is banned, > > > > the server can be crashed at will by these kids by repeated > > > > rejoin attempts. > > > > > > You were absolutely right. I discovered from log parsing that the > > > same person from IP 63.197.68.40 (STEAM_0:0:6023457) has been > > > crashing my server every day for a month since he was banned. > > > However, I think the problem is worse than a DoS -- he is able to > > > do it in one fast connect/disconnect attempt from the look of my > > > logs. It's definitely him though, because every time the server > > > gets a segmentation fault, it is him who join/parted immediately > > > before. > > > > > > My guess is that the join flooding is a red herring -- the script > > > does that until the exploit works, but isn't the cause of the > > > crash itself. > > > > > > This needs to be addressed ASAP by Valve. I am very concerned > > > that this may have the possibility to be exploited as remote code > > > execution if it is a buffer overflow from malformed packets. What > > > do I need to do to prove this is a critical exploit in server code > > > to Valve? Would packet captures from his IP help? This loser has > > > been doing this *every* day for a month! He is now blocked from > > > the firewall, but this is a reactionary defense. This bug NEEDS > > > to be fixed. > > > > > > > > > > > > L 02/06/2005 - 00:28:23: "{ D-MOB } > > > kiLLAZ<355><STEAM_ID_PENDING><>" connected, address > > > "63.197.68.40:27005" > > > LLAZ] [STEAM_ID_PENDING] > > > L 02/06/2005 - 00:28:24: "{ D-MOB } > > > kiLLAZ<355><STEAM_ID_PENDING><>" disconnected (reason "Disconnect > > > by user.") Dropped { D-MOB } kiLLAZ from server Reason: > > > Disconnect by user. /home/cjones/local/steam/srcds_run: line 423: > > > 16168 Segmentation fault $HL_CMD > > > > > > > > > > > > -- > > > Chris > > > > > > _______________________________________________ > > > To unsubscribe, edit your list preferences, or view the list > > > archives, please visit: > > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > > > > > > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list > > archives, please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list > archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
