1 (edited by ADI64 2010-11-08 22:50:14)

Topic: Severe issue: How to crash a server

Although I read many times that Server Crashers are no issue anymore on vanilla servers, I am still able to produce server crashes, both on mod servers and on vanilla servers (yes, I do have the newest version. I also checked it on online servers running vanilla mod).

It is such a HUGE security hole and you can reproduce it so easily (took me 1 minute to find out how to crash a server), it's really unbelievable.

Basically, every UDP packet between 3 and 5 bytes in size with random content crashes a running vanilla server.

I mean - why does this happen? Don't you do any validity checking on the packets that come in?

I didn't do further checking, but I think you could be able to do a buffer overflow using this technique which can lead to really serious security problems on your PC / server.

(Note: If any "authority" here reads this, understands it and thinks that this information is a threat / a help for script kiddies, you can edit my post to remove the "instructions". But anyone who is a tiny bit interested in crashing servers and who is capable of a little bit of programming can find this out in 1 minute.)

EDIT: I just realized this thread could belong to the support boards... Feel free to move it.
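On the validity-checking question raised in the post above, an added example (not part of the original post and not Teeworlds code): a datagram parser in C that checks every length before it reads. The wire layout (3-byte header, length-prefixed chunks) and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (illustrative, not the Teeworlds wire format):
 * byte 0 flags, byte 1 sequence, byte 2 chunk count, then per chunk a
 * 2-byte big-endian payload length followed by that many payload bytes. */
enum { HDR_SIZE = 3, CHUNK_HDR_SIZE = 2, MAX_CHUNKS = 32 };

struct chunk { const uint8_t *data; size_t len; };
struct packet { uint8_t flags, seq; size_t num_chunks; struct chunk chunks[MAX_CHUNKS]; };

/* Returns 0 on success, -1 for a malformed datagram; never reads past buf+len. */
int parse_packet(const uint8_t *buf, size_t len, struct packet *out)
{
    if (buf == NULL || out == NULL || len < HDR_SIZE)
        return -1;                        /* too short to hold a header */
    size_t declared = buf[2];
    if (declared > MAX_CHUNKS)
        return -1;                        /* count would overrun chunks[] */
    size_t off = HDR_SIZE;                /* invariant: off <= len */
    for (size_t i = 0; i < declared; i++) {
        if (len - off < CHUNK_HDR_SIZE)
            return -1;                    /* chunk header truncated */
        size_t clen = ((size_t)buf[off] << 8) | buf[off + 1];
        off += CHUNK_HDR_SIZE;
        if (clen > len - off)
            return -1;                    /* declared payload exceeds datagram */
        out->chunks[i].data = buf + off;
        out->chunks[i].len = clen;
        off += clen;
    }
    if (off != len)
        return -1;                        /* trailing bytes not covered by any chunk */
    out->flags = buf[0];
    out->seq = buf[1];
    out->num_chunks = declared;
    return 0;
}

int main(void)
{
    /* Constructed sample: a 5-byte datagram whose chunk claims 65535 bytes. */
    const uint8_t bad[] = { 0x10, 0x01, 0x01, 0xff, 0xff };
    struct packet p;
    printf("5-byte sample: %s\n", parse_packet(bad, sizeof bad, &p) ? "dropped" : "accepted");
    return 0;
}
```

The comparisons are written as `len - off` against the needed size rather than `off + size` against `len`, so a large declared length cannot wrap the arithmetic.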

2

Re: Severe issue: How to crash a server

ADI64 wrote:

Although I read many times that Server Crashers are no issue anymore on vanilla servers, I am still able to produce server crashes, both on mod servers and on vanilla servers (yes, I do have the newest version. I also checked it on online servers running vanilla mod).

It is such a HUGE security hole and you can reproduce it so easily (took me 1 minute to find out how to crash a server), it's really unbelievable.

Basically, every UDP packet between 3 and 5 bytes in size with random content crashes a running vanilla server.

I mean - why does this happen? Don't you do any validity checking on the packets that come in?

I didn't do further checking, but I think you could be able to do a buffer overflow using this technique which can lead to really serious security problems on your PC / server.

(Note: If any "authority" here reads this, understands it and thinks that this information is a threat / a help for script kiddies, you can edit my post to remove the "instructions". But anyone who is a tiny bit interested in crashing servers and who is capable of a little bit of programming can find this out in 1 minute.)

EDIT: I just realized this thread could belong to the support boards... Feel free to move it.

did you use 0.5 trunk?

i doubt you did


this f%$/§ bug is fixed in trunk

3 (edited by Deleted User 2010-11-08 23:05:04)

Re: Severe issue: How to crash a server

ADI64 wrote:

Although I read many times that Server Crashers are no issue anymore on vanilla servers, I am still able to produce server crashes, both on mod servers and on vanilla servers (yes, I do have the newest version. I also checked it on online servers running vanilla mod).

It is such a HUGE security hole and you can reproduce it so easily (took me 1 minute to find out how to crash a server), it's really unbelievable.

Basically, every UDP packet between 3 and 5 bytes in size with random content crashes a running vanilla server.

The newest version is in this case Teeworlds Trunk, where this bug and even other more critical bugs have already been fixed for months. Just patch your client and server with these fixes if you want. You can find the newest Teeworlds Trunk here.

4

Re: Severe issue: How to crash a server

Oh okay, thanks for your replies!
I used the "official" release, not the git version. Why didn't the update make it to the "stable" version offered on the download page?

And besides, I tried this crash on some online servers - vanilla and mods - and in every case I managed to crash the server. Maybe I was just lucky and crashed "old" servers, but then there were a lot of them.

5

Re: Severe issue: How to crash a server

ADI64 wrote:

Oh okay, thanks for your replies!
I used the "official" release, not the git version. Why didn't the update make it to the "stable" version offered on the download page?

And besides, I tried this crash on some online servers - vanilla and mods - and in every case I managed to crash the server. Maybe I was just lucky and crashed "old" servers, but then there were a lot of them.

1) you shouldn't do so sad

2) check the version (info tab in server browser)

6

Re: Severe issue: How to crash a server

Already known since ~1 year, but thank you for the information.

7

Re: Severe issue: How to crash a server

ADI64 wrote:

Oh okay, thanks for your replies!
I used the "official" release, not the git version. Why didn't the update make it to the "stable" version offered on the download page?

As I remember matricks said that this will need a lot of time for testing.


ADI64 wrote:

And besides, I tried this crash on some online servers - vanilla and mods - and in every case I managed to crash the server. Maybe I was just lucky and crashed "old" servers, but then there were a lot of them.

My server is running with the newest trunk version of Teeworlds. I update my server every time if there is a new version. If you want you can try to make an illegal operation on it like a server crash. If you have success we can fix a new bug. Just search for "Swordy's Server - Tower Maps".

8

Re: Severe issue: How to crash a server

/sign

It would be really a good step to release a version 0.5.3 or 0.5 stable or sth like this, even when the team is developing for the 0.6 release. (Well, i dunno how long it might take that 0.6 will be released, but if it will need still some weeks, you should release 0.5.3/stable!)

9 (edited by ADI64 2010-11-09 18:25:17)

Re: Severe issue: How to crash a server

heinrich5991 wrote:
ADI64 wrote:

[...]
I used the "official" release, not the git version.

1) you shouldn't do so sad

Well the point is that MANY servers out there are vulnerable to this.

How do I know I am supposed to check out a git repository and compile the server myself if there is a huge DOWNLOAD Tab / Button offering binaries? There is no warning message saying that the current stable / "public" version has SERIOUS security issues.

I guess that most server admins think this way. I also guess that most of them are not able to compile it from source.
In my opinion, this is just really negligent.

I understand that a new major release takes a long time testing, but why don't you just patch the current version and set this as default so that people are quasi-forced to update? You don't even need to double-check this patch thoroughly because I can't really imagine the patch opening security holes that are more serious than this one.

Slayer *gV*: Word.

10

Re: Severe issue: How to crash a server

ADI64 wrote:

How do I know I am supposed to check out a git repository and compile the server myself if there is a huge DOWNLOAD Tab / Button offering binaries? There is no warning message saying that the current stable / "public" version has SERIOUS security issues.

I guess that most server admins think this way. I also guess that most of them are not able to compile it from source.
In my opinion, this is just really negligent.

there was a note on the forum... but it was removed... i dont know why