Luigi Auriemma

The error in the topic is usually considered a normal bug and from what I have seen it has been patched in many Q3 games tons of time ago (Quake 3 1.29 reports it in a fix of 2001 but I don't know if it's just the same thing), anyway it can be also (ab)used to terminate the servers of some games like for example Call of Duty 1.

In short the problem is something related to the files opened by the server and not closed or similar, so for example if a server has the downloads enabled (sv_allowdownload and/or sv_wwwdownload) and a client requests a file more than 64 times (for example joining/leaving a server which uses a mod/map/content the hasn't and so on) then the server terminates with that error.

At the moment I don't have looked to a simple easy to use way to test this bug/vulnerability due to some problems with my PC and a not so big interest in this thing, so feel free to test it and post your comments and results.

i tested it on cod2 and downloaded some mod a lot of times(on server was punkbuster)....and after dunno how many tries it kicked me with message similar to "Punkbuster kicked e.wiZz! 0 minutes.Channel overflow."

Sorry to bump this very old topic, but couldn't you just sniff the packets sent to the server when requesting a download, and send those same packets 64 times?

you can't because in the Quake 3 engine the packets can't be simply replicated multiple times.
they have seq/acks to respect and moreover all the encryption layer that requires the rebuilding of the whole packet.

Using Q3dirtrav you can do e.g. /download uo/herpderp.pk3

This does request a download, so I figured: "Can one simply request a download multiple times?"

Though I don't know any real programming (other than modding call of duty, so this isn't of much use)
I'm probably just too simple-minded.

you can do that only if you have a minimalistic client that can send in-game commands (for example imagine a q3fill plus the in-game part).

without that the only alternative is doing it manually or maybe via a mod (in doubt).

sincerely I don't remember if I found a better and faster way in my tests because too much time is passed an my memory is not good, but if I'm not in error I remember something about an automatic operation performed by the client that required no skill or manual stuff.

ok the following IS the way:
note that probably you need to add more ";wait" because here the server crashed after the third one.
note also that there I specified pakc.pk3 but probably there are better files to call for the download that could be more compatible (note that the file is not downloaded so the size doesn't matter)

Very interesting. Though I haven't been able to replicate this on my LAN server.
It spams "Server sending download but no download was requested" a couple of times (10/15 times).

It could very well have been fixed in the patches.
In any case, it was an interesting read. Thanks :)

uhmm here I have CoD1 1.5b and it's vulnerable.

you can also use the following alternative script to force the downloads in loop so that they will for sure reach the 64 limit (it must be major than this number to exploit the bug):
attention that the script will not terminate so in some cases you could need to kill the process manually

CoDUO 1.51

Can't try it on CoD at the moment because my CD-Key is missing, for some reason.

I've had one WIN- moment where it did give me connection interrupted on my internet dedicated server (though haven't been able to replicate that result). And I figured this was more of a client issue than the server actually shutting down (crashing).

I looked in console_mp.log and it didn't mention anything of great value.

it's enough strange that CoD is vulnerable and CoDUO isn't, but yeah InfinityWard is full of surprises when it's a matter of vulnerabilities :)

I believe gray matter employees were a little bit more aware of things since the company (now part of treyarch) is full of modders (at least now it is). I've seen enough people getting hired by treyarch because they made some awesome mod in a CoD-game.

Knowing that, it wouldn't be a big surprise if gray matter employees had read about the vulnerability and IW ones hadn't.