New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Server Crashing Critical Exploit via in game chat via macros. #5030
Comments
If you haven't yet updated to P58, I recommend installing this: |
If we are running publish 57 this error occurs
|
You'll need to copy this section of code into NetState.cs: |
Ok now I have it down to 3 errors `Network\MessagePump.cs(233,20): error CS0176: Member 'NetState.GetHandler(int)' cannot be accessed with an instance reference; qualify it with a type name instead [F:\UOAlive\UOAlive\Server\Server.csproj] Build FAILED. Network\MessagePump.cs(233,20): error CS0176: Member 'NetState.GetHandler(int)' cannot be accessed with an instance reference; qualify it with a type name instead [F:\UOAlive\UOAlive\Server\Server.csproj] |
Ok down to 2 `Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj] Build FAILED. Network\PacketThrottles.cs(59,42): error CS1503: Argument 2: cannot convert from 'method group' to 'ThrottlePacketCallback' [F:\UOAlive\UOAlive\Server\Server.csproj] |
We've discovered a vulnerability of ServUO, where a user with Razor Enhanced can bring ServUO activity to a stand-still, where other players can't move and then several people become disconnected.
It appears to occur with looping scripts without pauses that send any of these commands in rapid succession, using a loop without pauses:
These are all routed through the AsciiSpeech packet handler.
For instance, this script prevented other users from moving while it was running:
while True:
Player.ChatWhisper(20, "all follow me")
After many seconds, we got a console error:
"Too much data pending, disconnecting..."
...and then several users were disconnected.
It can range from 1 - 50 - 100 depending on how many are online.
This seems to be a MAJOR vulnerability, where one user can spoil the game for others. We'd like to join together to get a resolution to this quickly as it is pretty damaging to servers.
The text was updated successfully, but these errors were encountered: