quake2-bof-DoS.txt

1999-08-17T00:00:00
ID PACKETSTORM:12369
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
                                            `Date: Wed, 20 Jan 1999 11:32:53 -0900  
From: Leif Sawyer <lsawyer@GCI.COM>  
To: BUGTRAQ@netspace.org  
Subject: Quake 2 Server Crash  
  
As the admin of a number of quake servers, I get a lot of grief when  
the servers stop responding. So imagine my shock today when I found  
this in the log files:  
  
(this occurrs multiple times for multiple crashes)  
***  
------- Server Initialization -------  
Lithium II Mod v1.23  
Map: q2dm1 Clients: 0 Mode: DM  
-------------------------------------  
[TIMESTAMP] Wed Jan 20 00:57:32 1999  
I.Crash.Servers connected  
I.Crash.Servers entered the game (clients = 1)  
Jim connected  
I.Crash.Servers: isnt that cool?  
Jim entered the game (clients = 2)  
I.Crash.Servers:  
f8.4066308.801916-1.997275255795727776554871684441501993271851  
9261309972204529857042804295557369695379254160160904297030785333441191234036  
372  
2499905328180655146669812558216724401294487295256574001965593672278165930946  
719  
3302374718244644559434141982001968511670514876416.00000036203864208242065706  
466  
1081185321877918727462818352478172131544629258886053999628422250104238529930  
351  
3551062118684114774264001292444408779478784277297190716136058182749928079155  
891  
9394960823549936938384302198920503798602255236931094287764296569603621788156  
166  
144.000000113657843383457536412624131570413790616376014830719891410806832006  
410  
5647602260490606393886304550213680577198197497079229103864544867746075566174  
424  
8634118857431357303292149281287307264.00000011365826244271748860700812453324  
708  
2259369610998609036742327423814951455723993612423911582418642120996935351355  
297  
28494071527092059706478174739780605033959907590230450330932499955318784.0000  
001  
1365826244271748860700812453324708225936961099860903674232742381495145572399  
361  
2423911582418642120996935351355297284940715270920597064781747397806050339599  
075  
90230450330932499955318784  
.000000907590230450330932499955318784.00000090.000000000.000000000  
%.073741824.00000090.000000000.000000000  
%.Master server at 204.182.161.3:27900  
  
***  
  
This causes Dr. Watson to dump out a lot of fun information, which I've  
already  
forwarded to id software.  
  
I haven't figured out any way to stop this overflow attack, but it doesn't  
seem  
to do much else but dump core.  
  
I have not attempted to replicate this to other server platforms, but my  
guess  
is that they would also dump.  
  
--  
Leif Sawyer  
leif@gci.net || lsawyer@gci.com || internic: LS2540  
(907) 267 - 0116 || ICQ - 3749190 || http://home.gci.net/~leif  
Internet System Administrator -- General Communications Inc.  
PGP Fingerprint: 77 C8 34 B8 FD BC C6 32 5F FE 93 4B AE 6C F7 4E  
`