Enemy Territory security vulnerability in server 2.60b



Fisch.666
21.05.07, 00:33
Hi!

I was just browsing the www.punksbusted.com forums and stumbled across this thread:

http://www.punksbusted.com/forums/index.php?showtopic=33939

There are apparently 2 security vulnerabilities in ET server 2.60b, which the attached patches are supposed to fix.

Unfortunately I have no idea whether the source of the patches can be trusted...

*Edit*

Just saw that you have to log in there. I'll just post the content of the thread here...



Two vulnerabilities have been discovered that can allow clients to either crash the server and/or interfere with the banning functions of certain mods. If you run an ETPro server, a lua fix is available which allows the game to be patched if you only have ftp access (only fixes /ws, userinfo bug does not apply). If you run a different mod, it is recommended that you use the patch posted here.

Many thanks to Hanfling for making us aware of this.

et260b_serverfix.tar.gz (http://www.punksbusted.com/omnix/et260b_serverfix.tar.gz)
wsfix.lua - ETPRO ONLY (http://www.punksbusted.com/omnix/wsfix.lua)

This little program actively fixes security vulnerabilities in ET server 2.60b, for all mods.

Vulnerability 1)
clientcommand 'ws' requests weapon stats, and the argument is a weapon. There are no boundary checks on this arg so any part of server memory can be read (including RCON pass), and, if passed a large number, crash the server with sig11.
This program intercepts the ws command from a client and checks it is not out of bounds.

Vulnerability 2)
Bogus userinfo string can be injected to confuse the server, resulting in a ban for everyone (etpub) or being unable to ban (jaymod & noquarter). This program intercepts a changed userinfo string and checks if it is valid; in case it is found to be bogus, the client is dropped.

To make
type 'make'

No libs needed.

Copy etsfix.so to the ET dir and edit run_server.sh for example or modify.

~Zatochi / Tao @ Gentoo


*Edit2*

OK, the wsfix.lua patch is the same as this one:

http://wolfwiki.anime.net/index.php/User:ReyalP

I think this .lua script can be trusted...

*Edit3*

Some more info, or rather Lua scripts that are supposed to fix bugs:

http://bani.anime.net/banimod/forums/viewtopic.php?t=6777
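
The bounds check described under "Vulnerability 1" in the post above, as an added example that is not part of the original post and is not the code of etsfix.so or wsfix.lua. The table size `WS_TABLE_SIZE`, the table `ws_table` and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: number of entries in the per-weapon stats table. */
#define WS_TABLE_SIZE 32

/* Constructed stand-in for the server's weapon stats table. */
static int ws_table[WS_TABLE_SIZE];

/* Hypothetical helper: turn the client-supplied "ws" argument into a
 * table index. Returns the index, or -1 if the argument is missing,
 * is not fully consumed by strtol, overflows, or is outside the table. */
int ws_parse_index(const char *arg)
{
    char *end;
    long v;

    if (arg == NULL || *arg == '\0')
        return -1;
    errno = 0;
    v = strtol(arg, &end, 10);
    if (errno == ERANGE || end == arg || *end != '\0')
        return -1;              /* overflow, no digits, trailing junk */
    if (v < 0 || v >= WS_TABLE_SIZE)
        return -1;              /* would index outside ws_table */
    return (int)v;
}

/* Hypothetical handler: the lookup happens only after the check, so an
 * out-of-range argument is ignored instead of reading other memory. */
int ws_lookup(const char *arg, int *stat)
{
    int idx = ws_parse_index(arg);
    if (idx < 0)
        return -1;
    *stat = ws_table[idx];
    return 0;
}

int main(void)
{
    /* Constructed sample arguments. */
    const char *samples[] = { "0", "31", "32", "-1", "7abc", "99999999999999999999" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("ws %s -> %d\n", samples[i], ws_parse_index(samples[i]));
    return 0;
}
```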

Fisch.666
23.05.07, 18:31
OK, a little info for users of the Jaymod version:

http://jaymod.clanfu.org/forums/viewtopic.php?p=27508#27508