Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: Battlefield 2 1.50 voip failed assertion
PostPosted: 30 Jun 2010 05:41 

Joined: 16 Aug 2007 06:25
Posts: 367
I tried testing this on multiple servers with VOIP enabled, but wasn't able to reproduce a crash.

I assume the clients talk directly to the VOIP server/port because when I did a packet scan while talking on these servers, I saw traffic being sent to a different port. Oftentimes it was different from (but close to) the port you mentioned, though it had to be VOIP traffic.

When I ran UDPSZ (udpsz -b 0x68 SERVER PORT 1) replacing the server and port accordingly, I wasn't able to reproduce this on any servers. They were all running 1.5.3153-802.0.

Thoughts on this? Are there any restrictions/requirements for the client besides a simple udp packet to the correct server/port?


 
 
 Post subject: Re: Battlefield 2 1.50 voip failed assertion
PostPosted: 30 Jun 2010 10:34 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
As written in the advisory, the huge limitation of this bug is the fact that port 55124 is bound on the interface needed to reach the VOIP server, so by default it's 127.0.0.1, making the bug almost impossible to exploit.

For doing the test you need to run the server locally and then launch udpsz using 127.0.0.1 as the server.
If you set VoipServerRemoteIP to 1.2.3.4 then you can also reach port 55124 from the internet, but I guess this particular setup is used by one or probably no servers because it's a very rare event.
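
A defender-side check for the condition described in the reply above, as an added example that is not part of the original thread: it reads `netstat`/`ss` listener output and reports whether UDP port 55124 is bound only to loopback. The function names and both sample listings are constructed for illustration.

```python
import ipaddress

VOIP_PORT = 55124  # port named in the thread

def udp_bindings(listing, port=VOIP_PORT):
    """Return the local addresses that UDP sockets for `port` are bound to."""
    found = []
    for line in listing.splitlines():
        fields = line.split()
        # Keep UDP rows only: "UDP"/"udp6" (netstat) or "UNCONN" (ss -uln).
        if not fields or not fields[0].upper().startswith(("UDP", "UNCONN")):
            continue
        for tok in fields[1:]:
            addr, sep, p = tok.rpartition(":")
            if sep and p.isdigit():  # first addr:port token is the local end
                if int(p) == port:
                    found.append(addr.strip("[]"))
                break
    return found

def exposure(addr):
    """Classify a bind address by who can reach it."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any %scope suffix
    if ip.is_loopback:
        return "loopback-only"
    return "all-interfaces" if ip.is_unspecified else "specific-interface"

def audit(listing, port=VOIP_PORT):
    """Map each bound address to its exposure; empty means not listening."""
    return {a: exposure(a) for a in udp_bindings(listing, port)}

def reachable_off_host(listing, port=VOIP_PORT):
    return any(v != "loopback-only" for v in audit(listing, port).values())

# Constructed sample: Windows `netstat -ano -p udp`, default-style binding.
SAMPLE_DEFAULT = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:40000          *:*                                    4242
  UDP    127.0.0.1:55124        *:*                                    4242
"""
# Constructed sample: Linux `ss -uln`, port bound on an external interface.
SAMPLE_REMOTE = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      192.0.2.10:55124   0.0.0.0:*
"""

if __name__ == "__main__":
    for name, text in (("default", SAMPLE_DEFAULT), ("remote", SAMPLE_REMOTE)):
        print(name, audit(text), "off-host:", reachable_off_host(text))
```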


 
 Post subject: Re: Battlefield 2 1.50 voip failed assertion
PostPosted: 01 Jul 2010 04:27 

Joined: 16 Aug 2007 06:25
Posts: 367
Thanks for the info. I really enjoy the BF2 stuff you release :) I'm betting there's even more problems yet to be released.


 
 Post subject: Re: Battlefield 2 1.50 voip failed assertion
PostPosted: 01 Jul 2010 08:51 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I'm sure there are other things, but the problem is that the protocol is too boring and chaotic to test.
Anyway, I found the directory traversal bug very interesting; it affects only the client but was a good finding, moreover because it didn't require boring technical analysis :)

