Re: Format string bug in EpicGames Unreal engine

In-Reply-To: <20040310163053.6db31644.aluigi@altervista.org>

It seems that all servers running the MOD "TacticalOps" for UT1 are not affected by the vulnerability. I ran a local test server and got the following output:

"PreLogin failure: Player Class: %n%n%n.s_Player_T is not valid! - reinstall Tactical Ops properly. (NEEDPW)"

It seems that the UT engine calls the "PreLogin" function of the currently active GameInfo class (which is written in UnrealScript) before processing the string.

TacticalOps code:

event PreLogin (string Options, string Address, out string Error, out string FailCode)
{
	local string Value;

	Super.PreLogin(Options,Address,Error,FailCode);
	Value=ParseOption(Options,"Class");
	if (  !Value ~= "s_SWAT.s_Player_T" )
	{
		Error="Player Class:" @ Value @ "is not valid! - reinstall Tactical Ops properly.";
		return;
	}
}

So basically only a new GameInfo class written in UnrealScript containing the following should stop the crash problem:

event PreLogin (string Options, string Address, out string Error, out string FailCode)
{
    Super.PreLogin(Options,Address,Error,FailCode);
    // InStr returns -1 when the substring is absent, so compare explicitly.
    if (InStr(ParseOption(Options,"Class"),"%") != -1)
        Error = "Crash exploit";
}





>Application:  Unreal engine
>              http://unreal.epicgames.com
>Games:        - America's Army
>              - DeusEx
>              - Devastation
>              - Magic Battlegrounds
>              - Mobile Forces
>              - Nerf Arena Blast
>              - Postal 2
>              - Rainbow Six: Raven Shield
>              - Rune
>              - Sephiroth: 3rd episode the Crusade
>              - Star Trek: Klingon Honor Guard
>              - Tactical Ops
>              - TNN Pro Hunter
>              - Unreal 1
>              - Unreal II XMP
>              - Unreal Tournament
>              - Unreal Tournament 2003
>              - Wheel of Time
>              - X-com Enforcer
>              - XIII
>              (the list contains all the Unreal based games with
>              multiplayer support released until now)
>Platforms:    Windows, Linux and MacOS
>Bug:          remote format string bug
>Risk:         critical
>Exploitation: remote, versus server
>Date:         10 Mar 2004
>Author:       Luigi Auriemma
>              e-mail: aluigi@altervista.org
>              web:    http://aluigi.altervista.org
>
>
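
An added example, not part of the original message and not engine or mod code: the same "%" filter on the Class option sketched in C, together with the underlying rule that a player-supplied value is only ever passed as an argument to a constant format string. The "?Key=Value" option layout, the case-sensitive key match and the names parse_option, class_is_safe and build_login_error are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Copy the value of "?Key=Value" from a login option string into out.
   The "?Key=Value" layout is an assumption of this example.
   Returns 1 if the key was found, 0 otherwise. */
int parse_option(const char *options, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = options;

    if (outlen == 0)
        return 0;
    out[0] = '\0';
    while ((p = strchr(p, '?')) != NULL) {
        p++;                                  /* step past '?' */
        if (strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = strcspn(p + klen + 1, "?");
            if (vlen >= outlen)
                vlen = outlen - 1;            /* truncate, never overflow */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
    }
    return 0;
}

/* Same test as the InStr() filter in the message: reject any '%'. */
int class_is_safe(const char *value)
{
    return strchr(value, '%') == NULL;
}

/* Returns 1 and fills err when the Class option is rejected, else 0.
   The message is built with a constant format, so the player-supplied
   value is only ever data and never the format argument itself. */
int build_login_error(const char *options, char *err, size_t errlen)
{
    char cls[128];

    if (errlen == 0)
        return 0;
    err[0] = '\0';
    if (!parse_option(options, "Class", cls, sizeof cls) || class_is_safe(cls))
        return 0;                             /* absent or clean: accept */
    snprintf(err, errlen, "Player Class: %s rejected", cls);
    return 1;
}
```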

