Re: [hlds_linux] Serious new CSS crash exploit, possible other games affected?

Sun, 15 Nov 2009 09:23:56 -0800 

Please don't tell me this is a well known exploit. Sorry, but I don't see 
malformed packets in the syslog related to this.


> Check the DMESG.  You should see a bunch of malformed packets or UDP
> checksum errors.  That's what I see when that stuff happens.  It
> sometimes takes quite a few malformed packets/checksum errors before the
> server segfaults.
>
> Ronny Schedel wrote:
>> Hello,
>>
>> there is a new spam and crash exploit out there, we have seen it today on
>> our CS:S server. What happend? A player connected and was able to send 
>> some
>> spam messages which looked like they came from the server console, the
>> players name is "h 4 x" in the following log. It seems the messages where
>> spammed during the connection, so I suppose he used a proxy to send
>> malformed packets during connection. After his spam, he connected again 
>> and
>> crashed the server.
>>
>> Here the console spam:
>>
>> L 11/15/2009 - 17:22:38: "h 4 x<552><STEAM_ID_PENDING><>" connected, 
>> address
>> "87.122.42.104:27005"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "HACKED"
>> L 11/15/2009 - 17:22:38: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "h 4 x<552><STEAM_0:0:17742854><>" STEAM USERID
>> validated
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "HACKED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "OWNED"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "SPAM"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Wollt ihr
>> dieses Script kaufen?"
>> L 11/15/2009 - 17:22:39: "Console<0><Console><Console>" say "Dann added
>> ruhsi643 in Steam"
>> L 11/15/2009 - 17:22:40: "h 4 x<552><STEAM_0:0:17742854><>" disconnected
>> (reason "Disconnect by user.")
>>
>> The last log line is:
>>
>> L 11/15/2009 - 17:27:00: "CRASHED BY ruhsi643 ADDET
>> ruhsi<557><STEAM_ID_PENDING><>" connected, address "87.122.42.104:27005"
>>
>> After this line, the server crashed. This is the last line, because we 
>> run
>> our server with logflush.
>>
>> Best regards
>>
>> Ronny Schedel
>>
>>
>> _______________________________________________
>> To unsubscribe, edit your list preferences, or view the list archives, 
>> please visit:
>> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>>
>>
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives, 
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> 


_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please 
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Reply via email to