The game is affected by a buffer-overflow in the visualization function
called G_Printf().
This function uses a sprintf() with a local buffer of 1024 bytes where
it stores the text to display in the console so if an attacker sends a
big message (through the commands say and tell for example) the server
calls G_Printf() for visualizing a string like the following example:
" say: NICKNAME: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\n\n\n\naaaaaaaaaa\n\n"."
The result is that an attacker could execute malicious code on the
victim server.
The only limitation is that this is an in-game bug so the attacker must
have access to the server.
- download my patcher for the Call of Duty buffer-overrun bug:
http://aluigi.org/patches/codmsgfix.lpatch- open the following file contained in your Jedi Academy folder with a
ZIP program (like Winzip for example):
GameData\base\assets3.pk3
note that the number of the assets file can change if you have other
versions of the game, in any case get the file with the higher
number available.
- extract the file jampgamex86.dll
- launch codmsgfix.lpatch with lpatch.exe (you can find all the
instructions within the codmsgfix.lpatch file which is a normal text
file)
- select the dll file you have just extracted, you will receive a
success message
- create a zip file containing only the patched jampgamex86.dll file.
the name of the zip must be assets4.pk3 (note the number 4 while the
other zip was 3) and must be placed in the same folder where is
located assets3.pk3.
- your server is patched and will no longer crash (or worst since this
is a buffer-overflow bug).
