It is legal, and thanks for the sploits! LOLOZOLLOZZZ I R CRASHIN UR SERVAZ!
Thanks, - Saul. On 4 March 2010 21:04, Damian Klimek <[email protected]> wrote: > Hi all, > > I've got info from some friends that due to error in HLDS engine code > whole server could be shut down. > According to unknown-source code of propably HLDS problem is propably > in function SV_ParseVoiceData. > > http://ampaste.net/m32c5281a > > > // Read in the data. > nDataLength = MSG_ReadShort(); > --> if( nDataLength > sizeof(chReceived) ) > { > Host_Error("SV_ParseVoiceData: invalid incoming > packet.\n"); > return; > } > MSG_ReadBuf( nDataLength, chReceived ); > > > > I had tested hlds_vcrash on hlds_i686/linux 4617 and it worked well - > I'm suprised that Valve did nothing in this case, because exploits are > available since 1st March... > > http://rghost.net/1076529 > > I had also backuped them on my server, so you can check them against > your servers. > > http://damianlimek.pl/hlds-exploit/ > > Unfortunately they could work, so it may be problem for hosting > companies which can get more e-mails about 'my CS1.6 server in your > company has crashed over 9000 times!' > > Possible fixes are: using DPROTO [unsure about legal way of using this > - it doesn't modify HLDS code, but allow to use cracked clients...], > or trying to modify hlds_i686 binary [which is illegal of course]. > > There's how it works on : > > Server side: > > [....dropping clients...] > 16:09 Dropped ---->MaRcIn<---- from server > 16:09 Reason: Server shutting down > 16:09 Dropped KuBa from server > 16:09 Reason: Server shutting down > 16:09 FATAL ERROR (shutting down): Host_Error: > SV_ParseVoiceData: invalid incoming packet. > 16:09 > 16:09 > 16:09 Add "-debug" to the ./hlds_run command line to generate a > debug.log to help with solving this > 16:09 problem > 16:09 czw mar 4 16:08:46 CET 2010: Server restart in 10 seconds > 16:09 > > > Attacker's side: > > 17:16 C:\Documents and Settings\Damian\Pulpit>hlds_vcrash.exe > 195.114.0.89 27015 48 3 > 17:16 Trying to connect to 195.114.0.89:27015; protocol=48; > auth_type=3 > 17:16 > 17:16 Challenging... OK > 17:16 Connecting... OK > 17:16 Sending exploit... OK > 17:16 Done. > 17:16 > 17:16 > 17:16 Press any key to exit > 17:16 > > But remember, You use these programs on your own risk, and I cannot > guarantee that it's legal to use them. > > -- > Damian > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
