Cuberite ForumCuberiteDiscussion
Just-released Minecraft exploit makes it easy to crash game servers

Threaded Mode
Just-released Minecraft exploit makes it easy to crash game servers
LogicParrot Offline
Cuberite Developer
******
Posts: 721
Threads: 77
Joined: Apr 2014
Thanks: 113
Given 130 thank(s) in 91 post(s)
#1
04-25-2015, 11:35 PM
Is MCServer vulnerable to this?
http://arstechnica.com/security/2015/04/...e-servers/
Find
Reply
Thanks given by:
NiLSPACE Offline
Cuberite Developer
******
Posts: 4,628
Threads: 115
Joined: Dec 2011
Thanks: 693
Given 494 thank(s) in 423 post(s)
#2
04-26-2015, 12:07 AM
This was already asked about a week ago Wink https://forum.cuberite.org/showthread.php?tid=1878

I think xoft already fixed it, but I'm not completely sure.
Find
Reply
Thanks given by:
xoft Offline
Cuberite Developer
******
Posts: 6,485
Threads: 176
Joined: Jan 2012
Thanks: 131
Given 1074 thank(s) in 852 post(s)
#3
04-26-2015, 01:30 AM
It's not exactly fixed, it's only that MCS has been immune to that one particular piece of code; however, if someone were to modify the code just a bit (go from 300 lists to 250 lists), they could still cause slight lag on the server. The server won't run out of memory nor use extreme amounts of CPU, it will just spend a bit more time decoding packets from that particular client, and then it kicks them right afterwards, so no more parsing.

True, it could still cause problems on tight architectures such as the RasPi, those are more RAM and CPU sensitive than x86-based platforms.
Find
Reply
Thanks given by:




Users browsing this thread: 1 Guest(s)