Major Security Flaw, Pls Fix

mongo2mongo2 Join Date: 2003-06-13 Member: 17348Members
L 09/26/2003 - 19:10:38: FATAL ERROR (shutting down): SZ_GetSpace: overflow without FSB_ALLOWOVERFLOW set on Server Spectator Buffer

This is getting out of hand. This MAJOR security flaw needs to be fixed now.

Comments

  • EvilGrinEvilGrin Join Date: 2002-11-04 Member: 6851Members
    If you post details of how to cause this then one of the resident metamod coders can write a plugin to block it.
  • PetitMortePetitMorte Join Date: 2002-11-06 Member: 7232Members
    I was under the impression that setting Spectators to 0 prevented it.

    TFC is also suffering from this. Somehow spectators are crashing the servers.

    Valve knows about it and is working on it. (from the HLDS mailing list)
  • SiliconSilicon Join Date: 2003-02-18 Member: 13683Members
    I haven't seen this error yet, but sv_spectators 0 in the config should fix it temporarily like PetitMorte said.
  • verboseverbose Join Date: 2002-11-25 Member: 9968Members, Constellation
    If memory serves: mp_allowspectators 0
  • mongo2mongo2 Join Date: 2003-06-13 Member: 17348Members
    Here is a more complete transcript:

    L 09/26/2003 - 19:11:16: "squi<10><104151><>" connected, address "68.98.151.7:27005"
    L 09/26/2003 - 19:11:17: "Gollum.j2<5><2104572><none>" entered the game
    L 09/26/2003 - 19:11:17: "[OO]Mad Hatter.j2<11><1900291><>" connected, address "24.175.34.12:21088"
    L 09/26/2003 - 19:11:17: Server cvar "public_slots_free" = "20.000000"
    L 09/26/2003 - 19:11:18: "NSPIayer<1><72448><none>" entered the game
    L 09/26/2003 - 19:11:19: Rcon: "rcon 3667160107 "steamy" status" from "64.30.212.36:26132"
    L 09/26/2003 - 19:11:19: "Slab Of Jesus Meat<12><4243595><>" connected, address "68.37.194.218:27005"
    L 09/26/2003 - 19:11:19: "covenant.j2<13><2630545><>" connected, address "4.62.169.50:34573"
    L 09/26/2003 - 19:11:19: Server cvar "public_slots_free" = "19.000000"
    L 09/26/2003 - 19:11:22: "ssn 568.36.4228<14><55076><>" connected, address "159.153.207.10:21831"
    L 09/26/2003 - 19:11:23: "HavoK<9><4088137><none>" entered the game
    L 09/26/2003 - 19:11:23: "squi<10><104151><none>" entered the game
    L 09/26/2003 - 19:11:25: Rcon: "rcon 3667160107 "steamy" status" from "64.30.212.36:26132"
    L 09/26/2003 - 19:11:26: "[OO]Mad Hatter.j2<11><1900291><none>" entered the game
    L 09/26/2003 - 19:11:27: "iiiiiii<8><2301067><none>" entered the game
    L 09/26/2003 - 19:11:27: "squi<10><104151><none>" say "Owned."
    L 09/26/2003 - 19:11:28: "Slab Of Jesus Meat<12><4243595><none>" entered the game
    L 09/26/2003 - 19:11:28: "Dtere<15><2973059><>" connected, address "216.228.47.38:43621"
    L 09/26/2003 - 19:11:28: Server cvar "public_slots_free" = "14.000000"
    L 09/26/2003 - 19:11:29: "squi<10><104151><alien1team>" changed role to "skulk"
    L 09/26/2003 - 19:11:29: FATAL ERROR (shutting down): SZ_GetSpace: overflow without FSB_ALLOWOVERFLOW set on Server Spectator Buffer

    The NS.org forum admins might want to have a look at whose IP address that is. They might find it interesting... I already know but I'll let you find out for yourselves as you wouldn't believe me if I told you.
  • romanoromano Join Date: 2002-11-02 Member: 4296Members
    You MIGHT want to edit out your rcon password next time you post logs.
  • SuperBOBSuperBOB Join Date: 2003-02-21 Member: 13795Members
    LOL, ;)
  • mongo2mongo2 Join Date: 2003-06-13 Member: 17348Members
    That's the old password, old log.

    With specing off today:

    L 10/05/2003 - 00:38:08: "photon<6><1376075><>" connected, address "68.98.151.7:27005"
    L 10/05/2003 - 00:38:11: "red<1><3336524><none>" entered the game
    L 10/05/2003 - 00:38:12: "test<3><938908><none>" entered the game
    L 10/05/2003 - 00:38:12: "[OO]Mad Hatter.j2<7><1900291><>" connected, address "24.175.34.12:20510"
    L 10/05/2003 - 00:38:13: "rarr<4><4210283><none>" entered the game
    L 10/05/2003 - 00:38:13: Server cvar "public_slots_free" = "21.000000"
    L 10/05/2003 - 00:38:13: "omgzergrush!<8><3515252><>" connected, address "68.4.33.167:43620"
    L 10/05/2003 - 00:38:13: "skinthinner.j2<9><112624><>" connected, address "65.66.153.238:27005"
    L 10/05/2003 - 00:38:14: "photon<6><1376075><none>" entered the game
    L 10/05/2003 - 00:38:16: "[DeltA]DaEbie<5><51149><none>" entered the game
    L 10/05/2003 - 00:38:16: "[OO] mongo.j2<2><2410692><none>" entered the game
    L 10/05/2003 - 00:38:19: "skinthinner.j2<9><112624><none>" entered the game
    L 10/05/2003 - 00:38:21: "[OO]Mad Hatter.j2<7><1900291><none>" entered the game
    L 10/05/2003 - 00:38:24: "omgzergrush!<8><3515252><none>" entered the game
    L 10/05/2003 - 00:38:24: "red<1><3336524><none>" say "the photon on right now is grimlock"
    L 10/05/2003 - 00:38:27: "iownju.j2<10><2835507><>" connected, address "67.34.143.88:43634"
    L 10/05/2003 - 00:38:27: Server cvar "public_slots_free" = "15.000000"
    L 10/05/2003 - 00:38:34: "manzoni jimmy le francai<11><2448558><>" connected, address "81.49.174.133:35020"
    L 10/05/2003 - 00:38:37: "[OO]H4nDiC4Pd<12><1210922><>" connected, address "67.166.148.19:27005"
    L 10/05/2003 - 00:38:41: "photon<6><1376075><none>" say "lol, you still allow hackers on here"
    L 10/05/2003 - 00:38:42: "[OO]Cattlecruiser<13><3203587><>" connected, address "67.112.121.16:65175"
    L 10/05/2003 - 00:38:44: "[OO]H4nDiC4Pd<12><1210922><none>" entered the game
    L 10/05/2003 - 00:38:44: "photon<6><1376075><marine1team>" changed role to "soldier"
    L 10/05/2003 - 00:38:44: FATAL ERROR (shutting down): SZ_GetSpace: overflow without FSB_ALLOWOVERFLOW set on Server Spectator Buffer

    It doesn't help the problem to turn off spectator mode. Your servers are vulnerable whether you like it or not.
  • verboseverbose Join Date: 2002-11-25 Member: 9968Members, Constellation
    Uh...why did you not ban that IP address after the first incident? 68.98.151.7 both times. While there obviously is some bug that this punk is using to crash your server, you have some countermeasures available to you...
  • WolfWingsWolfWings NS_Nancy Resurrectionist Join Date: 2002-11-02 Member: 4416Members
    QUOTE (verbose @ Oct 5 2003, 08:31 AM): Uh...why did you not ban that IP address after the first incident? 68.98.151.7 both times. While there obviously is some bug that this punk is using to crash your server, you have some countermeasures available to you...
    I think it's called being struck again when you thought you fixed the bug...
  • mongo2mongo2 Join Date: 2003-06-13 Member: 17348Members
    Basically, yes.

    We are having some issues with IP banning, clearly, as the IP should have been banned. However, banning 1 person who is exploiting a security flaw doesn't fix the flaw. If there is a security flaw that allows someone to crash your server at will, regardless of the IP of the offender, and clearly there is, then I'd think others might want to know about it, both server admins and the developers.

    If you don't care, well, that's your option I suppose.
  • TalesinTalesin Our own little well of hate Join Date: 2002-11-08 Member: 7710NS1 Playtester, Forum Moderators
    Why would they not believe if you told them? I just did a search on that IP, found one member, whose name is a relative non-entity.
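
The correlation done by eye in the thread (the same address connecting shortly before each crash) can be run over a whole server log. This is an added example, not code from any poster; the log lines are constructed in the format quoted above with documentation-range addresses, and the function names and the 60-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread. Addresses are
# documentation-range placeholders, not values taken from the thread.
SAMPLE_LOG = """\
L 01/02/2004 - 10:00:01: "alpha<1><1001><>" connected, address "192.0.2.10:27005"
L 01/02/2004 - 10:00:05: "bravo<2><1002><>" connected, address "198.51.100.7:27005"
L 01/02/2004 - 10:00:20: FATAL ERROR (shutting down): SZ_GetSpace: overflow without FSB_ALLOWOVERFLOW set on Server Spectator Buffer
L 01/09/2004 - 21:30:00: "charlie<3><1003><>" connected, address "203.0.113.44:27005"
L 01/09/2004 - 21:30:02: "delta<4><1004><>" connected, address "192.0.2.10:27005"
L 01/09/2004 - 21:30:40: FATAL ERROR (shutting down): SZ_GetSpace: overflow without FSB_ALLOWOVERFLOW set on Server Spectator Buffer
L 01/10/2004 - 09:00:00: "echo<5><1005><>" connected, address "198.51.100.7:27005"
"""

LINE = re.compile(r'^L (\d\d/\d\d/\d{4} - \d\d:\d\d:\d\d): (.*)$')
# Greedy name match: player names may themselves contain '<' characters.
CONNECT = re.compile(r'^"(.*)<\d+><[^>]*><[^>]*>" connected, address "([\d.]+):\d+"$')
CRASH = "FATAL ERROR (shutting down): SZ_GetSpace: overflow"


def crash_suspects(log_text, window_seconds=60):
    """Count, per address, how many crashes it connected shortly before."""
    window = timedelta(seconds=window_seconds)
    recent = []          # (timestamp, ip) for connects since the last crash
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue     # skip wrapped or non-log lines
        ts = datetime.strptime(m.group(1), "%m/%d/%Y - %H:%M:%S")
        body = m.group(2)
        c = CONNECT.match(body)
        if c:
            recent.append((ts, c.group(2)))
        elif body.startswith(CRASH):
            # A set counts each address at most once per crash.
            hits.update({ip for t, ip in recent if ts - t <= window})
            recent.clear()
    return hits


def repeat_offenders(log_text, min_crashes=2, window_seconds=60):
    """Addresses seen before at least min_crashes separate crashes."""
    hits = crash_suspects(log_text, window_seconds)
    return sorted(ip for ip, n in hits.items() if n >= min_crashes)
```

An address that precedes a single crash is only a bystander candidate; the signal is recurrence across separate incidents, which is why `repeat_offenders` requires at least two.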