Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

quake2-bof-DoS.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Explains a vulnerability in Quake 2 causing server crashes via specific crash triggers.

Code
`Date: Wed, 20 Jan 1999 11:32:53 -0900  
From: Leif Sawyer <[email protected]>  
To: [email protected]  
Subject: Quake 2 Server Crash  
  
As the admin of a number of quake servers, I get a lot of grief when  
the servers stop responding. So imagine my shock today when I found  
this in the log files:  
  
(this occurrs multiple times for multiple crashes)  
***  
------- Server Initialization -------  
Lithium II Mod v1.23  
Map: q2dm1 Clients: 0 Mode: DM  
-------------------------------------  
[TIMESTAMP] Wed Jan 20 00:57:32 1999  
I.Crash.Servers connected  
I.Crash.Servers entered the game (clients = 1)  
Jim connected  
I.Crash.Servers: isnt that cool?  
Jim entered the game (clients = 2)  
I.Crash.Servers:  
f8.4066308.801916-1.997275255795727776554871684441501993271851  
9261309972204529857042804295557369695379254160160904297030785333441191234036  
372  
2499905328180655146669812558216724401294487295256574001965593672278165930946  
719  
3302374718244644559434141982001968511670514876416.00000036203864208242065706  
466  
1081185321877918727462818352478172131544629258886053999628422250104238529930  
351  
3551062118684114774264001292444408779478784277297190716136058182749928079155  
891  
9394960823549936938384302198920503798602255236931094287764296569603621788156  
166  
144.000000113657843383457536412624131570413790616376014830719891410806832006  
410  
5647602260490606393886304550213680577198197497079229103864544867746075566174  
424  
8634118857431357303292149281287307264.00000011365826244271748860700812453324  
708  
2259369610998609036742327423814951455723993612423911582418642120996935351355  
297  
28494071527092059706478174739780605033959907590230450330932499955318784.0000  
001  
1365826244271748860700812453324708225936961099860903674232742381495145572399  
361  
2423911582418642120996935351355297284940715270920597064781747397806050339599  
075  
90230450330932499955318784  
.000000907590230450330932499955318784.00000090.000000000.000000000  
%.073741824.00000090.000000000.000000000  
%.Master server at 204.182.161.3:27900  
  
***  
  
This causes Dr. Watson to dump out a lot of fun information, which I've  
already  
forwarded to id software.  
  
I haven't figured out any way to stop this overflow attack, but it doesn't  
seem  
to do much else but dump core.  
  
I have not attempted to replicate this to other server platforms, but my  
guess  
is that they would also dump.  
  
--  
Leif Sawyer  
[email protected] || [email protected] || internic: LS2540  
(907) 267 - 0116 || ICQ - 3749190 || http://home.gci.net/~leif  
Internet System Administrator -- General Communications Inc.  
PGP Fingerprint: 77 C8 34 B8 FD BC C6 32 5F FE 93 4B AE 6C F7 4E  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
quake twoserver crashvulnerability exploitlithium ii modcrash logsdos attack
24