How would I go about patching this? Thanks, Kyle.
On Fri, Mar 5, 2010 at 10:13 AM, EVAgames Community <[email protected]>wrote: > Basicly, you need to do some HEX'ing inside engine_i686.so and it helps > (at least temporary). > > > > On Fri, 05 Mar 2010 20:05:30 +0200, Loïc Péron <[email protected]> wrote: > > > Hopefully it is gonna be fixed soon ! > > > > 2010/3/5 Alfred Reynolds <[email protected]> > > > >> You can always email me directly (or any of the Valve guys on this list) > >> with any exploit details you find. Thanks for the details, we will work > >> on a > >> fix. > >> > >> > -----Original Message----- > >> > From: [email protected] [mailto:hlds_linux- > >> > [email protected]] On Behalf Of Damian Klimek > >> > Sent: Thursday, March 04, 2010 1:04 PM > >> > To: [email protected] > >> > Subject: [hlds_linux] HLDS exploit ? > >> > > >> > Hi all, > >> > > >> > I've got info from some friends that due to error in HLDS engine code > >> > whole server could be shut down. > >> > According to unknown-source code of propably HLDS problem is propably > >> > in function SV_ParseVoiceData. > >> > > >> > http://ampaste.net/m32c5281a > >> > > >> > > >> > // Read in the data. > >> > nDataLength = MSG_ReadShort(); > >> > --> if( nDataLength > sizeof(chReceived) ) > >> > { > >> > Host_Error("SV_ParseVoiceData: invalid incoming > >> > packet.\n"); > >> > return; > >> > } > >> > MSG_ReadBuf( nDataLength, chReceived ); > >> > > >> > > >> > > >> > I had tested hlds_vcrash on hlds_i686/linux 4617 and it worked well - > >> > I'm suprised that Valve did nothing in this case, because exploits are > >> > available since 1st March... > >> > > >> > http://rghost.net/1076529 > >> > > >> > I had also backuped them on my server, so you can check them against > >> > your servers. > >> > > >> > http://damianlimek.pl/hlds-exploit/ > >> > > >> > Unfortunately they could work, so it may be problem for hosting > >> > companies which can get more e-mails about 'my CS1.6 server in your > >> > company has crashed over 9000 times!' > >> > > >> > Possible fixes are: using DPROTO [unsure about legal way of using this > >> > - it doesn't modify HLDS code, but allow to use cracked clients...], > >> > or trying to modify hlds_i686 binary [which is illegal of course]. > >> > > >> > There's how it works on : > >> > > >> > Server side: > >> > > >> > [....dropping clients...] > >> > 16:09 Dropped ---->MaRcIn<---- from server > >> > 16:09 Reason: Server shutting down > >> > 16:09 Dropped KuBa from server > >> > 16:09 Reason: Server shutting down > >> > 16:09 FATAL ERROR (shutting down): Host_Error: > >> > SV_ParseVoiceData: invalid incoming packet. > >> > 16:09 > >> > 16:09 > >> > 16:09 Add "-debug" to the ./hlds_run command line to generate a > >> > debug.log to help with solving this > >> > 16:09 problem > >> > 16:09 czw mar 4 16:08:46 CET 2010: Server restart in 10 seconds > >> > 16:09 > >> > > >> > > >> > Attacker's side: > >> > > >> > 17:16 C:\Documents and Settings\Damian\Pulpit>hlds_vcrash.exe > >> > 195.114.0.89 27015 48 3 > >> > 17:16 Trying to connect to 195.114.0.89:27015; protocol=48; > >> > auth_type=3 > >> > 17:16 > >> > 17:16 Challenging... OK > >> > 17:16 Connecting... OK > >> > 17:16 Sending exploit... OK > >> > 17:16 Done. > >> > 17:16 > >> > 17:16 > >> > 17:16 Press any key to exit > >> > 17:16 > >> > > >> > But remember, You use these programs on your own risk, and I cannot > >> > guarantee that it's legal to use them. > >> > > >> > -- > >> > Damian > >> > > >> > _______________________________________________ > >> > To unsubscribe, edit your list preferences, or view the list archives, > >> > please visit: > >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > >> _______________________________________________ > >> To unsubscribe, edit your list preferences, or view the list archives, > >> please visit: > >> http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >> > > _______________________________________________ > > To unsubscribe, edit your list preferences, or view the list archives, > > please visit: > > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > > > -- > Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, > please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
