Sorry for the double mail, a third party... developer? has released patches
against this. If you want more details feel free to mail me off list.

Cheers,
Kyle

On Fri, Mar 5, 2010 at 3:51 PM, Kyle Sanderson <[email protected]> wrote:

> How would I go about patching this?
>
> Thanks,
> Kyle.
>
>
> On Fri, Mar 5, 2010 at 10:13 AM, EVAgames Community <
> [email protected]> wrote:
>
>> Basically, you need to do some HEX'ing inside engine_i686.so and it helps
>> (at least temporarily).
>>
>>
>>
>> On Fri, 05 Mar 2010 20:05:30 +0200, Loïc Péron <[email protected]> wrote:
>>
>> > Hopefully it is gonna be fixed soon !
>> >
>> > 2010/3/5 Alfred Reynolds <[email protected]>
>> >
>> >> You can always email me directly (or any of the Valve guys on this list)
>> >> with any exploit details you find. Thanks for the details, we will work
>> >> on a fix.
>> >>
>> >> > -----Original Message-----
>> >> > From: [email protected] [mailto:hlds_linux-
>> >> > [email protected]] On Behalf Of Damian Klimek
>> >> > Sent: Thursday, March 04, 2010 1:04 PM
>> >> > To: [email protected]
>> >> > Subject: [hlds_linux] HLDS exploit ?
>> >> >
>> >> > Hi all,
>> >> >
>> >> > I've got info from some friends that due to an error in the HLDS engine
>> >> > code the whole server could be shut down.
>> >> > According to code of unknown source, probably from HLDS, the problem is
>> >> > probably in the function SV_ParseVoiceData.
>> >> >
>> >> > http://ampaste.net/m32c5281a
>> >> >
>> >> >
>> >> >          // Read in the data.
>> >> >          nDataLength = MSG_ReadShort();
>> >> > -->      if( nDataLength > sizeof(chReceived) )
>> >> >          {
>> >> >                  Host_Error("SV_ParseVoiceData: invalid incoming packet.\n");
>> >> >                  return;
>> >> >          }
>> >> >          MSG_ReadBuf( nDataLength, chReceived );
>> >> >
>> >> >
>> >> >
>> >> > I had tested hlds_vcrash on hlds_i686/linux 4617 and it worked well -
>> >> > I'm surprised that Valve did nothing in this case, because exploits
>> >> > are available since 1st March...
>> >> >
>> >> > http://rghost.net/1076529
>> >> >
>> >> > I had also backed them up on my server, so you can check them against
>> >> > your servers.
>> >> >
>> >> > http://damianlimek.pl/hlds-exploit/
>> >> >
>> >> > Unfortunately they could work, so it may be a problem for hosting
>> >> > companies, which can get more e-mails about 'my CS1.6 server in your
>> >> > company has crashed over 9000 times!'
>> >> >
>> >> > Possible fixes are: using DPROTO [unsure about legal way of using this
>> >> > - it doesn't modify HLDS code, but allows to use cracked clients...],
>> >> > or trying to modify hlds_i686 binary [which is illegal of course].
>> >> >
>> >> > Here's how it works:
>> >> >
>> >> > Server side:
>> >> >
>> >> > [....dropping clients...]
>> >> > 16:09       Dropped ---->MaRcIn<---- from server
>> >> > 16:09       Reason:  Server shutting down
>> >> > 16:09       Dropped KuBa from server
>> >> > 16:09       Reason:  Server shutting down
>> >> > 16:09       FATAL ERROR (shutting down): Host_Error:
>> >> > SV_ParseVoiceData: invalid incoming packet.
>> >> > 16:09
>> >> > 16:09
>> >> > 16:09       Add "-debug" to the ./hlds_run command line to generate a
>> >> > debug.log to help with solving this
>> >> > 16:09       problem
>> >> > 16:09       czw mar  4 16:08:46 CET 2010: Server restart in 10 seconds
>> >> > 16:09
>> >> >
>> >> >
>> >> > Attacker's side:
>> >> >
>> >> > 17:16       C:\Documents and Settings\Damian\Pulpit>hlds_vcrash.exe
>> >> > 195.114.0.89 27015 48 3
>> >> > 17:16       Trying to connect to 195.114.0.89:27015; protocol=48;
>> >> > auth_type=3
>> >> > 17:16
>> >> > 17:16       Challenging... OK
>> >> > 17:16       Connecting... OK
>> >> > 17:16       Sending exploit... OK
>> >> > 17:16       Done.
>> >> > 17:16
>> >> > 17:16
>> >> > 17:16       Press any key to exit
>> >> > 17:16
>> >> >
>> >> > But remember, you use these programs at your own risk, and I cannot
>> >> > guarantee that it's legal to use them.
>> >> >
>> >> > --
>> >> > Damian
>> >> >
>> >> > _______________________________________________
>> >> > To unsubscribe, edit your list preferences, or view the list archives,
>> >> > please visit:
>> >> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
>> >>
>> >>
>>
>>
>>
>
>
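The server log quoted in this thread shows the length check in SV_ParseVoiceData ending in Host_Error, which shuts the whole server down for every connected player. The C model below is an added example, not part of the thread and not engine code: it treats a bad length as a fault of the sending client only and returns a verdict the caller can use to drop that one client. The names `msg_reader`, `read_u16`, `parse_voice_data` and `voice_result`, the 4096-byte buffer size and the little-endian length field are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define VOICE_BUF_SIZE 4096   /* assumed; the real chReceived size is not on the page */

typedef enum { VOICE_OK, VOICE_DROP_CLIENT } voice_result;

typedef struct {              /* hypothetical bounded reader over one client packet */
    const uint8_t *data;
    size_t len, pos;
} msg_reader;

/* Read a 16-bit length (little-endian assumed); sets *ok = 0 on underrun. */
static uint16_t read_u16(msg_reader *m, int *ok) {
    if (m->len - m->pos < 2) { *ok = 0; return 0; }
    uint16_t v = (uint16_t)(m->data[m->pos] | (m->data[m->pos + 1] << 8));
    m->pos += 2;
    return v;
}

/* Parse one voice payload. Any malformed length is attributed to the sending
 * client only: the caller disconnects that client and keeps the server up. */
voice_result parse_voice_data(msg_reader *m, uint8_t *out, size_t out_cap, size_t *out_len) {
    int ok = 1;
    size_t n = read_u16(m, &ok);           /* unsigned: no negative lengths */
    if (!ok || n > out_cap || n > m->len - m->pos)
        return VOICE_DROP_CLIENT;          /* per-client verdict, not a fatal error */
    memcpy(out, m->data + m->pos, n);
    m->pos += n;
    *out_len = n;
    return VOICE_OK;
}

/* Constructed sample packets for the demonstration. */
int demo_valid(void) {
    const uint8_t pkt[] = { 0x03, 0x00, 'a', 'b', 'c' };
    msg_reader m = { pkt, sizeof pkt, 0 };
    uint8_t buf[VOICE_BUF_SIZE]; size_t n = 0;
    return parse_voice_data(&m, buf, sizeof buf, &n) == VOICE_OK && n == 3;
}

int demo_oversized_length(void) {
    const uint8_t pkt[] = { 0xFF, 0xFF, 'x' };   /* claims 65535 bytes, carries 1 */
    msg_reader m = { pkt, sizeof pkt, 0 };
    uint8_t buf[VOICE_BUF_SIZE]; size_t n = 0;
    return parse_voice_data(&m, buf, sizeof buf, &n) == VOICE_DROP_CLIENT;
}
```

The check also compares the claimed length with the bytes actually left in the packet, so a length that fits the buffer but exceeds the received data is rejected the same way.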