Serious Bug In PacketHandlers.cs - RunUO

autumntwilight · 12-26-2005, 10:47 PM

It appears there's a huge flaw in PacketHandlers.cs. Players can edit packets with a packet editor when naming a character that throw the server into a crash. I have no fix for this bug. I am seeking assistance on how to fix it myself.

Thistle · 12-27-2005, 09:07 AM

Hacker

Check the above link out as it may be what you're referring to.

ZaSz-RH · 12-28-2005, 12:32 AM

http://article.gmane.org/gmane.comp....line.sunuo/106

In Network\PacketHandlers.cs at line 1969, change:

Code:

Console.WriteLine( cityIndex );
Console.WriteLine( info.Length );
Console.WriteLine( "New character name: '{0}'", name );
state.Dispose();

for:

Code:

Console.WriteLine( cityIndex );
if ( info != null )
      Console.WriteLine( info.Length );
Console.WriteLine( "New character name: '{0}'", name );
state.Dispose();

And it should work.

I saw there were also the source of a C program to exploit that flaw somewhere on the net.

WarAngel · 12-28-2005, 12:41 AM

Why would you post the exploit directly onto the RunUO forums?

Deaths Advocate · 12-28-2005, 02:28 AM

umm to git help maybe on how to fix it? most ppl dont think well hrmm ppl will prolly exploit this flaw they usually think hrmm i need help *types in www.runuo.com* and bam they post

WarAngel · 12-28-2005, 02:50 AM

That doesn't require the posting of the actual exploit itself. A lot of people will use a dangerous tool if it's handed to them. You would be suprised at how many people will see this exploit and use it. If you think I'm wrong, then you obviously have not played on a shard with an exploitable situation before. I don't see how it was required at all.

Tannis · 12-28-2005, 03:22 AM

Quote:

Originally Posted by WarAngel

That doesn't require the posting of the actual exploit itself. A lot of people will use a dangerous tool if it's handed to them. You would be suprised at how many people will see this exploit and use it. If you think I'm wrong, then you obviously have not played on a shard with an exploitable situation before. I don't see how it was required at all.

Agreed! And I guess I can't post less than 10 characters, so here's the other few I needed.

ZaSz-RH · 12-28-2005, 11:06 AM

Removed the link. Thought it would help... but yeah it may be used by some idiots to crash shards...

WarAngel · 12-28-2005, 01:13 PM

Thanks ZaSz. Better off to leave the chance that they won't figure out where the exploit really is, if they don't notice the site hosting it or anything. ;-)

Ravatar · 12-28-2005, 04:05 PM

I'd have to say I'm a fan of the "security bulletin" approach. Make the exploit public and raise the awareness. That will force a fix to be released much sooner, and people will know WHY their servers are crashing.

If someone was "smart" about it, they'd create a worm that browses the UO Gateway server list and randomly crashes servers from a range of different remote computers.

WarAngel · 12-28-2005, 04:09 PM

Making exploits/hacks widely available is a terrible way to force people to update their servers and/or get fixes. I can't believe you'd even suggest that, or the second part of your post.

IHaveRegistered · 12-28-2005, 04:18 PM

Quote:

Originally Posted by WarAngel

Making exploits/hacks widely available is a terrible way to force people to update their servers and/or get fixes. I can't believe you'd even suggest that, or the second part of your post.

How was he suggesting it? He said someone COULD do that, which is why we need to stop it...

WarAngel · 12-28-2005, 04:19 PM

Bleh, I didn't mean suggest the second part, I meant suggest the first part. I meant that I couldn't believe he'd even post the second part.

ZaSz-RH · 12-29-2005, 12:22 AM

Anyway, smart people are able to create it or find it if they really want to...
This thread is about the fix, and the fix was posted. Fix your shard and have a nice day!

xir · 12-29-2005, 10:34 AM

The "exploit" is kind of obvious from the posted fix. How about checking for the exploit, log the attempt and autoblock the ip address?

jairon · 01-12-2006, 05:18 AM

I agree with you rav :P

Ohms_Law · 01-13-2006, 07:39 AM

From: http://www.opensource.org/advocacy/faq.php

Doesn't closed source help protect against crack attacks?

This is exactly backwards, as any cryptographer will tell you. Security through obscurity just does not work.
The reason it doesn't work is that security-breakers are a lot more motivated and persistent than good guys (who have lots of other things to worry about). The bad guys will find the holes whether source is open or closed (for a perfect recent example of this see The Tao of Windows Buffer Overflow).
Closed sources do three bad things. One: they create a false sense of security. Two: they mean that the good guys will not find holes and fix them. Three: they make it harder to distribute trustworthy fixes when a hole is revealed.
In fact, open-source operating systems and applications are generally much more security-safe than their closed-source counterparts. When the "Ping o' Death" exploit was revealed in 1997 (for example) Linux had fix patches within hours. Closed-source OSs didn't plug the hole for months.
Alan Cox has written an excellent article on The Risks of Closed Source Computing.

Simply substitute the word "source" with "posting exploits".
look, the only point I'm making is how in the world are we (honest, non-expoiting, Admins/GameMasters/Coders) supposed to battle against a bunch of script kiddies when we have no clue what in the world there doing?
Note that this isn't a comment on the original problem and/or the proposed fix. I've simply been doing some reading on www.opensource.org reacently, and this caught my eye.

XxSP1DERxX · 01-13-2006, 11:43 AM

As a note, since the networking has been recoded somewhat for the next version, I do not believe this is inherently a problem.

As for the fix, your post is fine.

In terms of closed source vs open source. This is not a concern for C#, as we have seen with dolts like the Russians, you can illegally decompile closed source code (especially C#) if you really wanted to, and not even obfustruction will stop it. The only thing that obfustruction will do, is make the program slower.

In my opinion, this debate should be over. The fix is fine until the release of the next version, and there is nothing wrong with this thread.

Viky · 01-13-2006, 02:58 PM

For this bug exist public and functional exploit who crash any RunUO 1.0.0 without patched core.

WarAngel · 01-13-2006, 03:49 PM

We know, hence why a fix was created and posted. And it does not require a patched core, as was already stated as well.

ThatGuyBehindYou · 08-05-2008, 07:55 PM

I guess its a stupid question but here you go:
Does the exploit work on RunUO 2.0 RC2? Sorry someone had to ask this

.

Sixkillers · 08-06-2008, 02:48 PM

No it doesnt.

12-26-2005, 10:47 PM	#1 (permalink)
autumntwilight Forum Expert Join Date: Feb 2005 Location: Houston, TX Age: 20 Posts: 313	Serious Bug In PacketHandlers.cs It appears there's a huge flaw in PacketHandlers.cs. Players can edit packets with a packet editor when naming a character that throw the server into a crash. I have no fix for this bug. I am seeking assistance on how to fix it myself.

12-28-2005, 12:32 AM	#3 (permalink)
ZaSz-RH Garm Brood Cerebrate Join Date: Dec 2003 Location: Québec, Canada Age: 23 Posts: 201	http://article.gmane.org/gmane.comp....line.sunuo/106 In Network\PacketHandlers.cs at line 1969, change: Code: Console.WriteLine( cityIndex ); Console.WriteLine( info.Length ); Console.WriteLine( "New character name: '{0}'", name ); state.Dispose(); for: Code: Console.WriteLine( cityIndex ); if ( info != null ) Console.WriteLine( info.Length ); Console.WriteLine( "New character name: '{0}'", name ); state.Dispose(); And it should work. I saw there were also the source of a C program to exploit that flaw somewhere on the net. __________________ Named after the fierce hellhound of Norse myth, the Garm strikes with alarming speed and ferocity. The minions of this Brood excel at hit and run raids that weaken their enemy's defensive formations. Zasz, the cunning Cerebrate of this Brood, delights in preemptive attacks, relying chiefly upon surprise to throw enemy forces into total chaos. Last edited by ZaSz-RH; 12-28-2005 at 11:05 AM.

12-28-2005, 11:06 AM	#8 (permalink)
ZaSz-RH Garm Brood Cerebrate Join Date: Dec 2003 Location: Québec, Canada Age: 23 Posts: 201	Removed the link. Thought it would help... but yeah it may be used by some idiots to crash shards... __________________ Named after the fierce hellhound of Norse myth, the Garm strikes with alarming speed and ferocity. The minions of this Brood excel at hit and run raids that weaken their enemy's defensive formations. Zasz, the cunning Cerebrate of this Brood, delights in preemptive attacks, relying chiefly upon surprise to throw enemy forces into total chaos.

12-29-2005, 12:22 AM	#14 (permalink)
ZaSz-RH Garm Brood Cerebrate Join Date: Dec 2003 Location: Québec, Canada Age: 23 Posts: 201	Anyway, smart people are able to create it or find it if they really want to... This thread is about the fix, and the fix was posted. Fix your shard and have a nice day! __________________ Named after the fierce hellhound of Norse myth, the Garm strikes with alarming speed and ferocity. The minions of this Brood excel at hit and run raids that weaken their enemy's defensive formations. Zasz, the cunning Cerebrate of this Brood, delights in preemptive attacks, relying chiefly upon surprise to throw enemy forces into total chaos.

01-13-2006, 07:39 AM	#17 (permalink)
Ohms_Law Forum Expert Join Date: Sep 2004 Age: 37 Posts: 1,006	From: http://www.opensource.org/advocacy/faq.php Doesn't closed source help protect against crack attacks? This is exactly backwards, as any cryptographer will tell you. Security through obscurity just does not work. The reason it doesn't work is that security-breakers are a lot more motivated and persistent than good guys (who have lots of other things to worry about). The bad guys will find the holes whether source is open or closed (for a perfect recent example of this see The Tao of Windows Buffer Overflow). Closed sources do three bad things. One: they create a false sense of security. Two: they mean that the good guys will not find holes and fix them. Three: they make it harder to distribute trustworthy fixes when a hole is revealed. In fact, open-source operating systems and applications are generally much more security-safe than their closed-source counterparts. When the "Ping o' Death" exploit was revealed in 1997 (for example) Linux had fix patches within hours. Closed-source OSs didn't plug the hole for months. Alan Cox has written an excellent article on The Risks of Closed Source Computing. Simply substitute the word "source" with "posting exploits". look, the only point I'm making is how in the world are we (honest, non-expoiting, Admins/GameMasters/Coders) supposed to battle against a bunch of script kiddies when we have no clue what in the world there doing? Note that this isn't a comment on the original problem and/or the proposed fix. I've simply been doing some reading on www.opensource.org reacently, and this caught my eye. Last edited by Ohms_Law; 01-13-2006 at 07:44 AM.

12-27-2005, 09:07 AM	#2 (permalink)
Thistle Forum Expert Join Date: Mar 2005 Posts: 1,155	Hacker Check the above link out as it may be what you're referring to.

12-28-2005, 12:41 AM	#4 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	Why would you post the exploit directly onto the RunUO forums?

12-28-2005, 02:28 AM	#5 (permalink)
Deaths Advocate Forum Novice Join Date: Jun 2005 Location: New Castle, Indiana Age: 20 Posts: 215	umm to git help maybe on how to fix it? most ppl dont think well hrmm ppl will prolly exploit this flaw they usually think hrmm i need help types in www.runuo.com and bam they post

12-28-2005, 02:50 AM	#6 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	That doesn't require the posting of the actual exploit itself. A lot of people will use a dangerous tool if it's handed to them. You would be suprised at how many people will see this exploit and use it. If you think I'm wrong, then you obviously have not played on a shard with an exploitable situation before. I don't see how it was required at all.

12-28-2005, 01:13 PM	#9 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	Thanks ZaSz. Better off to leave the chance that they won't figure out where the exploit really is, if they don't notice the site hosting it or anything. ;-)

12-28-2005, 04:05 PM	#10 (permalink)
Ravatar Forum Expert Join Date: Sep 2002 Age: 23 Posts: 1,472	I'd have to say I'm a fan of the "security bulletin" approach. Make the exploit public and raise the awareness. That will force a fix to be released much sooner, and people will know WHY their servers are crashing. If someone was "smart" about it, they'd create a worm that browses the UO Gateway server list and randomly crashes servers from a range of different remote computers.

12-28-2005, 04:09 PM	#11 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	Making exploits/hacks widely available is a terrible way to force people to update their servers and/or get fixes. I can't believe you'd even suggest that, or the second part of your post.

12-28-2005, 04:19 PM	#13 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	Bleh, I didn't mean suggest the second part, I meant suggest the first part. I meant that I couldn't believe he'd even post the second part.

12-29-2005, 10:34 AM	#15 (permalink)
xir Forum Newbie Join Date: Jul 2004 Posts: 59	The "exploit" is kind of obvious from the posted fix. How about checking for the exploit, log the attempt and autoblock the ip address?

01-12-2006, 05:18 AM	#16 (permalink)
jairon Newbie Join Date: Feb 2004 Posts: 50	I agree with you rav :P

08-06-2008, 02:48 PM	#22 (permalink)
Sixkillers Newbie Join Date: May 2006 Posts: 67	No it doesnt.

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

01-13-2006, 11:43 AM	#18 (permalink)
XxSP1DERxX Join Date: Oct 2002 Age: 22 Posts: 4,689	As a note, since the networking has been recoded somewhat for the next version, I do not believe this is inherently a problem. As for the fix, your post is fine. In terms of closed source vs open source. This is not a concern for C#, as we have seen with dolts like the Russians, you can illegally decompile closed source code (especially C#) if you really wanted to, and not even obfustruction will stop it. The only thing that obfustruction will do, is make the program slower. In my opinion, this debate should be over. The fix is fine until the release of the next version, and there is nothing wrong with this thread.

01-13-2006, 02:58 PM	#19 (permalink)
Viky Newbie Join Date: Nov 2003 Posts: 60	For this bug exist public and functional exploit who crash any RunUO 1.0.0 without patched core.

01-13-2006, 03:49 PM	#20 (permalink)
WarAngel Account Terminated Join Date: Jun 2004 Location: Cincinnati, Ohio Age: 20 Posts: 3,954	We know, hence why a fix was created and posted. And it does not require a patched core, as was already stated as well.

08-05-2008, 07:55 PM	#21 (permalink)
ThatGuyBehindYou Newbie Join Date: Jul 2008 Age: 18 Posts: 60	I guess its a stupid question but here you go: Does the exploit work on RunUO 2.0 RC2? Sorry someone had to ask this . __________________ "I remember the time i was kidnapped and they sent a piece of my finger to my father, He said he wanted more proof."

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode