Cuberite ForumCuberiteDiscussion
Just-released Minecraft exploit makes it easy to crash game servers

Threaded Mode
Just-released Minecraft exploit makes it easy to crash game servers
LogicParrot Offline
Cuberite Developer
******
Posts: 721
Threads: 77
Joined: Apr 2014
Thanks: 0
Given 8 thank(s) in 89 post(s)
#1
04-25-2015, 11:35 PM
Is MCServer vulnerable to this?
http://arstechnica.com/security/2015/04/...e-servers/
Find
Reply
Thanks given by:
NiLSPACE Offline
Cuberite Developer
******
Posts: 4,621
Threads: 113
Joined: Dec 2011
Thanks: 51
Given 55 thank(s) in 409 post(s)
#2
04-26-2015, 12:07 AM
This was already asked about a week ago Wink https://forum.cuberite.org/showthread.php?tid=1878

I think xoft already fixed it, but I'm not completely sure.
Find
Reply
Thanks given by:
xoft Offline
Cuberite Developer
******
Posts: 6,486
Threads: 176
Joined: Jan 2012
Thanks: 40
Given 156 thank(s) in 838 post(s)
#3
04-26-2015, 01:30 AM
It's not exactly fixed, it's only that MCS has been immune to that one particular piece of code; however, if someone were to modify the code just a bit (go from 300 lists to 250 lists), they could still cause slight lag on the server. The server won't run out of memory nor use extreme amounts of CPU, it will just spend a bit more time decoding packets from that particular client, and then it kicks them right afterwards, so no more parsing.

True, it could still cause problems on tight architectures such as the RasPi, those are more RAM and CPU sensitive than x86-based platforms.
Find
Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)