New way to crash a server

[jedi-Guard]

Hello fellows of the jedi.

I need help as allways, there is a new way to crash a server and i have no idea how to fix it.

The link where the fix should be, doesnt work.

If you try the link with the q3infoboom.zip, it works, it has couple of files which looks very weird, i heard it should be the client file to attack the server, but am paranoid, i never double click on something that i dont know for sure what it is.

 

the q3fix.zip doesnt work

 

Read Below

 

#######################################################################

 

Luigi Auriemma

 

Application: Quake 3 engine

http://www.idsoftware.com

Games: - Call of Duty <= 1.5b

- Call of Duty: United Offensive <= 1.51b

- Heavy Metal: F.A.K.K.2 <= 1.02

- Quake III Arena <= 1.32c

- Return to Castle Wolfenstein <= 1.41b

- Soldier of Fortune II: Double Helix <= 1.03

- Star Trek Voyager: Elite Force <= 1.20

- Star Trek: Elite Force II <= 1.10

- Star Wars Jedi Knight II: Jedi Outcast <= 1.04

- Star Wars Jedi Knight: Jedi Academy <= 1.011

- Wolfenstein: Enemy Territory <= 1.02 / 2.56

...possibly others

Platforms: Windows, Linux and Mac

Bug: crash or shutdown caused by incorrect handling of big

queries

Exploitation: remote, versus server

Date: 12 Feb 2005

Author: Luigi Auriemma

e-mail: aluigi@autistici.org

web: aluigi.org

 

 

#######################################################################

 

 

1) Introduction

2) Bug

3) The Code

4) Fix

 

 

#######################################################################

 

===============

1) Introduction

===============

 

 

The Quake 3 engine is the well known game engine developed by ID

Software (http://www.idsoftware.com) and is used by many games.

 

Some months ago I reported similar problems in three games based on

this engine: Medal of Honor, Call of Duty and Soldier of Fortune II.

Except for Medal of Honor that is affected by a specific buffer

overflow, the other two games can be "probably" included in this

advisory too but I'm not totally sure.

 

 

#######################################################################

 

======

2) Bug

======

 

 

The Quake 3 engine has problems to handle big queries allowing an

attacker to shutdown any game server based on this engine:

 

ERROR: Info_SetValueForKey: oversize infostring

 

In some of the vulnerable games is also possible to crash the server.

 

 

#######################################################################

 

===========

3) The Code

===========

 

 

http://aluigi.org/poc/q3infoboom.zip

 

A simple scanner for testing any game based on the Quake 3 engine.

 

 

#######################################################################

 

======

4) Fix

======

 

 

Only the two Linux versions Call of Duty games have been fixed with the

1.5b and 1.51b patches, while all the others are still vulnerable

(included the Windows version of Call of Duty!).

 

I have released an universal patcher that limits the amount of handled

data in the queries from 1023 to 512 solving the problem in any game:

 

http://aluigi.org/patches/q3infofix.zip

 

 

#######################################################################