Servercrash through Serverexploit Abuse

[Disasterpiece]

Hi

Our Server crashes several times a day.
The log contains this satement:

Code:

New Player 6tech id=67f9c7b632dc5c58---
Open myLevel Sat Sep 13 18:00:48 2008 89.246.217.47:1179
Client netspeed is 10000
New Player Toxic@brokenMous id=66858410df00---
Close TcpipConnection 91.39.xxx.xxx:1291 Sat Sep 13 18:01:17 2008
Close TcpipConnection 91.17.xxx.xxx:52905 Sat Sep 13 18:01:17 2008
Close TcpipConnection 84.167.xxx.xxx:1069 Sat Sep 13 18:01:17 2008
Close TcpipConnection 84.135.xxx.xxx:3103 Sat Sep 13 18:01:17 2008
Close TcpipConnection 88.73.xxx.xxx:51629 Sat Sep 13 18:01:17 2008
Close TcpipConnection 217.227.xxx.xxx:1939 Sat Sep 13 18:01:17 2008
Close TcpipConnection 151.50.xxx.xxx:55870 Sat Sep 13 18:01:17 2008
Open myLevel Sat Sep 13 18:01:42 2008 78.92.xxx.xxx:2074
Assertion failed: VoiceIndex<VOICE_MAX_CHATTERS [File:UnChan.cpp] [Line: 1710]
Executing UObject::StaticShutdownAfterError
Assertion failed: VoiceIndex<VOICE_MAX_CHATTERS [File:UnChan.cpp] [Line: 1710]

When i google for this "Assertion failed: VoiceIndex<VOICE_MAX_CHATTERS", i found a few threads which speak of an exploit:

(Same error reported here:) http://www.xraygaming.com/forums/sho...?t=4293&page=2
(Bugtrack:) http://www.securityfocus.com/archive/1/495061

Quote:

======
2) Bug
======

The AA server can be terminated remotely through a specific single
spoofable UDP packet which leads to a failed assertion:

"Assertion failed: VoiceIndex<VOICE_MAX_CHATTERS"

Note: this bug is the same I found and disclosed in Unreal Tournament
2004 some days ago and which affects some other games too (ut2004null).

Is there any possible way, to avoid these people crashing my server?
It seems, that there are many players who can abuse this exploit...

[Wormbo]

That guy releases his "advisories" without giving affected game developers a head start. Send your praise to .

[Disasterpiece]

Uhm sry but i dont know what you mean.
Is this the one who creates this hacks? or can this help me in any way?

[Wormbo]

Quote:

Originally Posted by Wormbo

That guy releases his "advisories" without giving affected game developers a head start. Send your praise to .

I can only repeat myself here, he'll actually read your mails. Expect fun replies.

[apophis.ch]

Quote:

Originally Posted by Wormbo

That guy releases his "advisories" without giving affected game developers a head start. Send your praise to ***EMAIL REMOVED***.

And you think a childish action like sending silly E-mails here will be more productive? Do you really think that Epic would make a Fix / Patch in a usefull timeframe?

Full Disclose is a way to make a little public pressure, and even that normally doesn't work, especially not with a game that old!

Pointing Fingers doesn't help at all, its not his fault that the bug is there, and its certainly better to have the full disclosure rather than having the information just with a few hackers out there...

[SkrU]

Quote:

Originally Posted by apophis.ch

And you think a childish action like sending silly E-mails here will be more productive? Do you really think that Epic would make a Fix / Patch in a usefull timeframe?

Full Disclose is a way to make a little public pressure, and even that normally doesn't work, especially not with a game that old!

Pointing Fingers doesn't help at all, its not his fault that the bug is there, and its certainly better to have the full disclosure rather than having the information just with a few hackers out there...

I gotta blame someone for I am now running a patch that turns on all weapons spawns on in an IG server. It will never be the same. No thanks to this guy my clan's UT days ARE OVER unless someone comes out with a fix for the fix.

[apophis.ch]

Quote:

Originally Posted by SkrU

I gotta blame someone for I am now running a patch that turns on all weapons spawns on in an IG server. It will never be the same. No thanks to this guy my clan's UT days ARE OVER unless someone comes out with a fix for the fix.

Blame Epic for not fixing their products anymore. And especially, lets be reasonable.

Quote:

no, some months ago I have changed my policy about contacting vendor/developers for various reasons.
then in the past I have never had a quick response from Epic, usually were required months between my first mail and the final patch or hotfix. [Source]

[Wormbo]

Yes, sort of. He created a proof-of-concept exploit and released it, along with his advisory, to the public.

[Disasterpiece]

well then. just shutting down all servers and wait until something happens?

//e:

could anyone post the ip of this jerk or send it per pm to me so i can try to block his attacks?
seems to be the only way to me...

[Shambler]

Posted this fix on the UT2004 mailing list (Win32 only), though I guess there aren't many people still on that list:
http://download.beyondunreal.com/fil...xploit-fix.zip (thanks to Haarg at BU for uploading).

That's tested and works, feel free to pass the link on to other UT2004 admins, though please don't have it posted on news sites.

[}TCP{Carnage]

hope the linux fix will be there shortly too .. quite annoying

[Disasterpiece]

well, i dont have time for writing senseless messages to some jerks who have nothing better to do than making trouble in the ut community

i'll try this fix. thx

[Donzi]

Linux:

Code:

Log: Log file open, Sun Sep 14 21:09:31 2008
Init: Name subsystem initialized
Init: Version: 3339 (128.29)
Init: Compiled: Nov 13 2004 05:57:06
Init: Command line: DM-Rankin-FE?Game=3spnv3141.TeamArenaMaster?*cut* -nohomedir
Init: (This is Linux patch version 3339.0)
Init: Character set: Unicode
Init: Base directory: /*cut
Init: Ini:/*cut*  UserIni:User.ini
Init: Build label:  Build UT2004_Build_[2005-11-23_16.22]
Init: Object subsystem initialized
Log: Executing Class Engine.ServerCommandlet
Warning: Missing Class Class Editor.TransBuffer
Critical: Can't find 'intAMasterServerUplinkexecForceGameStateRefresh' in 'IpDrv.dll'
Exit: Executing UObject::StaticShutdownAfterError
Exit: Exiting.
Log: FileManager: Reading 0 GByte 12 MByte 579 KByte 204 Bytes from HD took 0.187045 seconds (0.059468 reading, 0.127577 seeking).
Log: FileManager: 0.000000 seconds spent with misc. duties
Uninitialized: Name subsystem shut down
Uninitialized: Log file closed, Sun Sep 14 21:09:32 2008

[jackycola]

I used the win32 patch on linux server -> didnt help.

then i added the linux-bin, that you posted here, now the server is up stable since 20:53 with no error o_O


thanks a lot

[frisp]

jackycola, do you still have the link. I'll give it a whirl here too.

Thanks in advance

[AnthraX]

sorry, the link I posted above was based on the v3339 version of ucc-bin. v3369 coming up.

[frisp]

Cheers Anthrax

[AnthraX]

Ok, second try:

http://utgl.unrealadmin.org/UT2004/V...xploit-fix.zip

[BattleMode]

Quote:

Originally Posted by AnthraX

Ok, second try:

http://utgl.unrealadmin.org/UT2004/V...xploit-fix.zip

Thank you !!!

[onkelx]

Thanks once more