Basically, you need to do some HEX'ing inside engine_i686.so and it helps (at least temporarily).
On Fri, 05 Mar 2010 20:05:30 +0200, Loïc Péron <[email protected]> wrote:

> Hopefully it is gonna be fixed soon !
>
> 2010/3/5 Alfred Reynolds <[email protected]>
>
>> You can always email me directly (or any of the Valve guys on this list)
>> with any exploit details you find. Thanks for the details, we will work
>> on a fix.
>>
>> > -----Original Message-----
>> > From: [email protected] [mailto:hlds_linux-
>> > [email protected]] On Behalf Of Damian Klimek
>> > Sent: Thursday, March 04, 2010 1:04 PM
>> > To: [email protected]
>> > Subject: [hlds_linux] HLDS exploit ?
>> >
>> > Hi all,
>> >
>> > I've got info from some friends that due to error in HLDS engine code
>> > whole server could be shut down.
>> > According to unknown-source code of probably HLDS problem is probably
>> > in function SV_ParseVoiceData.
>> >
>> > http://ampaste.net/m32c5281a
>> >
>> >
>> >     // Read in the data.
>> >     nDataLength = MSG_ReadShort();
>> > --> if( nDataLength > sizeof(chReceived) )
>> >     {
>> >         Host_Error("SV_ParseVoiceData: invalid incoming packet.\n");
>> >         return;
>> >     }
>> >     MSG_ReadBuf( nDataLength, chReceived );
>> >
>> >
>> >
>> > I had tested hlds_vcrash on hlds_i686/linux 4617 and it worked well -
>> > I'm surprised that Valve did nothing in this case, because exploits are
>> > available since 1st March...
>> >
>> > http://rghost.net/1076529
>> >
>> > I had also backed them up on my server, so you can check them against
>> > your servers.
>> >
>> > http://damianlimek.pl/hlds-exploit/
>> >
>> > Unfortunately they could work, so it may be problem for hosting
>> > companies which can get more e-mails about 'my CS1.6 server in your
>> > company has crashed over 9000 times!'
>> >
>> > Possible fixes are: using DPROTO [unsure about legal way of using this
>> > - it doesn't modify HLDS code, but allow to use cracked clients...],
>> > or trying to modify hlds_i686 binary [which is illegal of course].
>> >
>> > There's how it works on :
>> >
>> > Server side:
>> >
>> > [....dropping clients...]
>> > 16:09 Dropped ---->MaRcIn<---- from server
>> > 16:09 Reason: Server shutting down
>> > 16:09 Dropped KuBa from server
>> > 16:09 Reason: Server shutting down
>> > 16:09 FATAL ERROR (shutting down): Host_Error:
>> > SV_ParseVoiceData: invalid incoming packet.
>> > 16:09
>> > 16:09
>> > 16:09 Add "-debug" to the ./hlds_run command line to generate a
>> > debug.log to help with solving this
>> > 16:09 problem
>> > 16:09 czw mar 4 16:08:46 CET 2010: Server restart in 10 seconds
>> > 16:09
>> >
>> >
>> > Attacker's side:
>> >
>> > 17:16 C:\Documents and Settings\Damian\Pulpit>hlds_vcrash.exe
>> > 195.114.0.89 27015 48 3
>> > 17:16 Trying to connect to 195.114.0.89:27015; protocol=48;
>> > auth_type=3
>> > 17:16
>> > 17:16 Challenging... OK
>> > 17:16 Connecting... OK
>> > 17:16 Sending exploit... OK
>> > 17:16 Done.
>> > 17:16
>> > 17:16
>> > 17:16 Press any key to exit
>> > 17:16
>> >
>> > But remember, You use these programs on your own risk, and I cannot
>> > guarantee that it's legal to use them.
>> >
>> > --
>> > Damian
>> >
>> > _______________________________________________
>> > To unsubscribe, edit your list preferences, or view the list archives,
>> > please visit:
>> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
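
The server log in the quoted report shows the length check itself ending in a fatal Host_Error that drops every client. The added example below is not part of the thread and is not engine code. It is a stand-alone model with hypothetical names (parse_voice, handle_fatal, handle_scoped), an assumed 4096-byte buffer and an assumed signed 16-bit length field. It contrasts that fatal handling with rejecting the packet and disconnecting only its sender.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VOICE_BUF_SIZE 4096            /* assumed receive-buffer size */
struct server { int running; };        /* stands in for the whole process */
struct client { int connected; };

/* Model message: 16-bit little-endian signed length, then the payload.
 * Returns 0 and sets *out_len on success, -1 on any malformed length. */
static int parse_voice(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_size, size_t *out_len)
{
    if (msg_len < 2) return -1;
    int n = msg[0] | (msg[1] << 8);
    if (n >= 0x8000)
        n -= 0x10000;                  /* interpret as a signed short */
    if (n < 0 || (size_t)n > out_size || (size_t)n > msg_len - 2)
        return -1;                     /* negative, too big, or truncated */
    memcpy(out, msg + 2, (size_t)n);
    *out_len = (size_t)n;
    return 0;
}

/* Pattern shown in the thread: a bad length raises a fatal engine error. */
static void handle_fatal(struct server *sv, const uint8_t *msg, size_t len)
{
    uint8_t buf[VOICE_BUF_SIZE]; size_t n;
    if (parse_voice(msg, len, buf, sizeof buf, &n) != 0)
        sv->running = 0;               /* models Host_Error: all clients drop */
}

/* Scoped handling: only the sender of the bad packet is disconnected. */
static void handle_scoped(struct client *cl, const uint8_t *msg, size_t len)
{
    uint8_t buf[VOICE_BUF_SIZE]; size_t n;
    if (parse_voice(msg, len, buf, sizeof buf, &n) != 0)
        cl->connected = 0;
}

int main(void)
{
    const uint8_t bad[] = { 0xFF, 0x7F, 'A', 'B' };  /* constructed: claims 32767 bytes */
    struct server sv = { 1 }; struct client cl = { 1 };
    handle_fatal(&sv, bad, sizeof bad);
    handle_scoped(&cl, bad, sizeof bad);
    printf("fatal: running=%d  scoped: connected=%d\n", sv.running, cl.connected);
}
```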

