Bugtraq mailing list archives
Quake 2 Server Crash
From: lsawyer () GCI COM (Leif Sawyer)
Date: Wed, 20 Jan 1999 11:32:53 -0900
As the admin of a number of quake servers, I get a lot of grief when the servers stop responding. So imagine my shock today when I found this in the log files: (this occurrs multiple times for multiple crashes) *** ------- Server Initialization ------- Lithium II Mod v1.23 Map: q2dm1 Clients: 0 Mode: DM ------------------------------------- [TIMESTAMP] Wed Jan 20 00:57:32 1999 I.Crash.Servers connected I.Crash.Servers entered the game (clients = 1) Jim connected I.Crash.Servers: isnt that cool? Jim entered the game (clients = 2) I.Crash.Servers: f8.4066308.801916-1.997275255795727776554871684441501993271851 9261309972204529857042804295557369695379254160160904297030785333441191234036 372 2499905328180655146669812558216724401294487295256574001965593672278165930946 719 3302374718244644559434141982001968511670514876416.00000036203864208242065706 466 1081185321877918727462818352478172131544629258886053999628422250104238529930 351 3551062118684114774264001292444408779478784277297190716136058182749928079155 891 9394960823549936938384302198920503798602255236931094287764296569603621788156 166 144.000000113657843383457536412624131570413790616376014830719891410806832006 410 5647602260490606393886304550213680577198197497079229103864544867746075566174 424 8634118857431357303292149281287307264.00000011365826244271748860700812453324 708 2259369610998609036742327423814951455723993612423911582418642120996935351355 297 28494071527092059706478174739780605033959907590230450330932499955318784.0000 001 1365826244271748860700812453324708225936961099860903674232742381495145572399 361 2423911582418642120996935351355297284940715270920597064781747397806050339599 075 90230450330932499955318784 .000000907590230450330932499955318784.00000090.000000000.000000000 %.073741824.00000090.000000000.000000000 %.Master server at 204.182.161.3:27900 *** This causes Dr. Watson to dump out a lot of fun information, which I've already forwarded to id software. I haven't figured out any way to stop this overflow attack, but it doesn't seem to do much else but dump core. I have not attempted to replicate this to other server platforms, but my guess is that they would also dump. -- Leif Sawyer leif () gci net || lsawyer () gci com || internic: LS2540 (907) 267 - 0116 || ICQ - 3749190 || http://home.gci.net/~leif Internet System Administrator -- General Communications Inc. PGP Fingerprint: 77 C8 34 B8 FD BC C6 32 5F FE 93 4B AE 6C F7 4E
Current thread:
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race, (continued)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- Mirc 5.5 'DCC Server' hole Spikeman (Jan 24)
- Re: Mirc 5.5 'DCC Server' hole Sandro Jurado (Jan 26)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Casper Dik (Jan 25)
- Announcement: Wietse's FTP site has moved Wietse Venema (Jan 25)
- Re: NetBSD Security Advisory 1999-001: select(2)/accept(2) race Alan Cox (Jan 23)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race Luke Mewburn (Jan 20)
- Keeping Solaris up-to-date: summary John RIddoch (Jan 20)
- FW: Personal web server - Temporary Fix Ollie Whitehouse (Jan 20)
- Nobo and Netbuster Dos Wolfgang Gassner (Jan 20)
- Re: Nobo and Netbuster Dos Flavio Veloso (Jan 21)
- Quake 2 Server Crash Leif Sawyer (Jan 20)
- NetBSD Security Advisory 1999-001: select(2)/accept(2) race D. J. Bernstein (Jan 20)
- Sendmail 8.8.x/8.9.x bugware Gregory Neil Shapiro (Jan 20)
- CFP: New Security Paradigms Workshop 1999 Crispin Cowan (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- Re: Sendmail 8.8.x/8.9.x bugware Phil Stracchino (Jan 21)
- linux crashes irix6.3 Philipp Schott (Jan 22)
- Re: linux crashes irix6.3 J.A. Gutierrez (Jan 23)
- CERT Advisory CA-99.01 - TCP.Wrappers (fwd) //Stany (Jan 22)
- Misleading CERT Advisory CA-99-01-Trojan-TCP-Wrappers Jochen Thomas Bauer (Jan 22)
- Follow up - IIS 4 logging mnemonix (Jan 23)