Official Soldat Forums

Official Content => News => Topic started by: chrisgbk on April 21, 2007, 09:47:30 pm

Title: ARSSE vulnerability
Post by: chrisgbk on April 21, 2007, 09:47:30 pm
A large vulnerability with ARSSE has become known; if you use ARSSE, a hacker can cause your copy of ARSSE to execute arbitrary commands (most likely, said person will run /admip or /adm to give themselves admin access); said hacker can also cause your copy of ARSSE to freeze or crash, which not only prevents you from admining the server remotely, it will also most likely remove your clientside logs of anything happening. There is nothing you can change currently to prevent this from happening, so stop using ARSSE until KeFear fixes it.

1.4.0 will have some measures in place to prevent this, but at this time there won't be an update released to the dedicated server, because the exploit doesn't affect the server itself.
Title: Re: ARSSE vulnerability
Post by: EnEsCe on April 21, 2007, 09:48:55 pm
Lazy developer needs to fix his software.

*cough* KeFear *cough*

On a side note: (Customers of my server hosting don't need to worry about this)
You can make an iptables rule to block this exploit on outgoing TCP packets to your server port.
Title: Re: ARSSE vulnerability
Post by: truup on April 22, 2007, 03:12:45 am
What about original admin program?
Title: Re: ARSSE vulnerability
Post by: chrisgbk on April 22, 2007, 03:14:13 am
Original admin program is unaffected, but that's not to say it doesn't have its own issues.
Title: Re: ARSSE vulnerability
Post by: iDante on April 22, 2007, 03:21:23 am
hackers... seems like so much time is spent keeping losers from breaking the game that could be spent making the game better... I suppose it's life though.
Title: Re: ARSSE vulnerability
Post by: truup on April 22, 2007, 03:24:03 am
> hackers... seems like so much time is spent keeping losers from breaking the game that could be spent making the game better... I suppose it's life though.
Well, they kinda make it better. They find the securityholes, and developers fix them. :}
Title: Re: ARSSE vulnerability
Post by: spkka on April 22, 2007, 08:13:53 am
Oh yes, thanks for telling me..
People were joining my server all the time last night because someone was ruining your TW server, EnEsCe.
I closed it already!
Any other good variants?
Title: Re: ARSSE vulnerability
Post by: KeFear on April 22, 2007, 10:20:04 am
Ok, thanks for reporting this. I'm working on ARSSE to fix this. I've uploaded a fix that solves the 'if $MESSAGE' bug for now. Expect the /commands fix hopefully this evening. I can't embed CRLF into chat at the moment to imitate the bug yet.
Title: Re: ARSSE vulnerability
Post by: mar77a on April 22, 2007, 07:00:45 pm
This has nothing to do with Soldat or BattlEye, it's a hole in (the) ARSSE.
Title: Re: ARSSE vulnerability
Post by: Zamorak on April 22, 2007, 07:42:00 pm
> it's a hole in ARSSE.

No pun intended :P
Title: Re: ARSSE vulnerability
Post by: mar77a on April 22, 2007, 08:22:32 pm
 ;)
Title: Re: ARSSE hole
Post by: ChiefBlackFoot on April 22, 2007, 08:48:25 pm
KeFear and I tested some crap and I gave him suggestions to fix it all up 100%.  Now everything is fine and all bugs are fixed, except for the REFRESHX admin client freezing bug.

ChrisGBK can help him fix that since I know nothing about Delphi and its TCP sockets.

It was a combination of the Soldat server not filtering out end of lines and ARSSE reading and writing TCP packets.  The blame can't really fall on either party.  KeFear did the best job he could with the admin protocol, which has a tendency to make TCP packets "stick" together.  It makes it necessary to parse them using the end of lines.

However I have talked to EnEsCe as well about various bugs that could be used to obtain admin access, such as the /adminlog command spying which was used by me and Chrisgbk to find the admin password of EnEsCe's servers.  ( Chris wanna play the adminlog game?  :) )  But he didn't think it was as important, and he is right in that regard, since it is not easy and must be timed perfectly.

-coyote
Title: Re: ARSSE vulnerability
Post by: Mr. Domino on April 22, 2007, 09:04:37 pm
Would it simply be possible to disable admin adding commands entirely so that this can't be an issue? Let admins be added via control panels or via FTP.
Title: Re: ARSSE vulnerability
Post by: ChiefBlackFoot on April 22, 2007, 09:15:14 pm
Doesn't work anymore anyway.

It is relatively safe now.
/admip could only be executed when the ARSSE client had a script that said "/say $PLAYER_NAME"

By the way, Domino, all apologies for the server deal.  Just proving a concept.
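The two failure modes coyote and ChiefBlackFoot describe above, TCP segments of the admin protocol "sticking" together so that lines must be reassembled from the stream, and a player name carrying a line break into a client-side script such as "/say $PLAYER_NAME", as an added Python example. This is not ARSSE's or Soldat's own code; the line format, the class and function names, and the sample segments and player names are constructed assumptions for illustration.

```python
"""Added example (not ARSSE's or Soldat's own code): reading a line-based
admin protocol from a TCP stream and cleaning untrusted fields before they
are substituted into a scripted command.

Assumptions (constructed for this example, not taken from ARSSE):
  - the server sends text lines terminated by CRLF;
  - a client-side script template uses the placeholder $PLAYER_NAME,
    as in the '/say $PLAYER_NAME' script mentioned in the thread;
  - the sample segments and player names below are made up.
"""
from typing import Iterable, List


class LineStreamReader:
    """Reassembles complete lines from a TCP byte stream.

    TCP is a stream, not a sequence of messages: one recv() may return half
    a line or several lines stuck together. Buffering until a terminator
    arrives is what makes a line-delimited protocol safe to parse.
    """

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        """Append a received chunk and return every line it completes."""
        self._buf.extend(chunk)
        lines: List[bytes] = []
        while True:
            nl = self._buf.find(b"\n")
            if nl < 0:
                break  # partial line stays buffered for the next chunk
            line = bytes(self._buf[:nl]).rstrip(b"\r")
            del self._buf[: nl + 1]
            lines.append(line)
        return lines

    def pending(self) -> bytes:
        """Bytes received so far that do not yet form a complete line."""
        return bytes(self._buf)


def parse_stream(chunks: Iterable[bytes]) -> List[bytes]:
    """Feed all chunks through one reader and collect the completed lines."""
    reader = LineStreamReader()
    lines: List[bytes] = []
    for chunk in chunks:
        lines.extend(reader.feed(chunk))
    return lines


def sanitize_field(value: str) -> str:
    """Strip CR, LF and other control characters from an untrusted value.

    A player name containing a line break would otherwise end the current
    command line and let the remainder be sent as a second command chosen
    by whoever picked the name; this is the '/say $PLAYER_NAME' class of bug.
    """
    return "".join(ch for ch in value if ch.isprintable())


def render_script(template: str, player_name: str) -> str:
    """Substitute the placeholder and guarantee the result is a single line."""
    rendered = template.replace("$PLAYER_NAME", sanitize_field(player_name))
    if "\r" in rendered or "\n" in rendered:
        raise ValueError("line break survived sanitization")
    return rendered


if __name__ == "__main__":
    # Constructed sample: three lines delivered as two segments, with the
    # second line split across the segment boundary.
    segments = [b"PLAYER JOINED Alice\r\nPLAYER SA", b"YS hi\r\nSERVER OK\r\n"]
    for line in parse_stream(segments):
        print(line.decode())

    # Constructed hostile name: a line break followed by a placeholder command.
    hostile = "Alice\r\n/injected_command"
    print(repr(render_script("/say $PLAYER_NAME", hostile)))
```

The reader never acts on bytes until a terminator arrives, so a segment boundary in the middle of a line cannot produce a truncated or merged command; the sanitizer makes sure that nothing taken from an untrusted field can supply that terminator itself.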
Title: Re: ARSSE vulnerability
Post by: mar77a on April 22, 2007, 09:20:20 pm
> Would it simply be possible to disable admin adding commands entirely so that this can't be an issue? Let admins be added via control panels or via FTP.

I think that if you leave the Admin_Password= field blank it won't spawn the admin-connection thread.
Title: Re: ARSSE vulnerability
Post by: PiMPUS1337 on April 22, 2007, 09:37:35 pm
Yeah, I think somebody set !Elite Modern Combat as max 32 players, Rambo Match, and put about 20 bots in there.
Title: Re: ARSSE vulnerability
Post by: FliesLikeABrick on April 22, 2007, 10:06:49 pm
> Would it simply be possible to disable admin adding commands entirely so that this can't be an issue? Let admins be added via control panels or via FTP.

Stop using ARSSE and you're safe, until either 1) there's a new version of ARSSE out or 2) 1.4 is out.
Title: Re: ARSSE vulnerability
Post by: EnEsCe on April 22, 2007, 10:17:38 pm
Just do what I did: open soldatserver in a HEX editor and search/replace "adminlog" with something else of the same length, like "logadmin" or "4dm1nl0g"; then to log in they have to know what it's been changed to.
Title: Re: ARSSE vulnerability
Post by: FliesLikeABrick on April 22, 2007, 10:32:17 pm
> Just do what I did: open soldatserver in a HEX editor and search/replace "adminlog" with something else of the same length, like "logadmin" or "4dm1nl0g"; then to log in they have to know what it's been changed to.

but doesn't that violate the EULA of Soldat? :P
Title: Re: ARSSE vulnerability
Post by: mxyzptlk on April 22, 2007, 10:33:56 pm
Old habits die hard, eh, EnEsCe?
Title: Re: ARSSE vulnerability
Post by: PiMPUS1337 on April 22, 2007, 10:50:26 pm
EnEsCe is just a l337 h4x0r, he'll do whatever it takes.
Title: Re: ARSSE vulnerability
Post by: EnEsCe on April 22, 2007, 10:50:47 pm
There's no EULA distributed with the dedicated server :)
Title: Re: ARSSE vulnerability
Post by: mxyzptlk on April 22, 2007, 11:06:01 pm
Heh, you last edited that at 12:00:00

Strove for accuracy, heh?
Title: Re: ARSSE vulnerability
Post by: hunterz on April 23, 2007, 03:27:05 am
I want my Soldat 1.4! Forget the admin programs!!!!!
^^ omg, I'm sorry =\

Hmmm, good news for the arsse users. Thanks.
Title: Re: ARSSE vulnerability
Post by: KeFear on April 23, 2007, 03:30:13 am
ARSSE is now updated at the main download link, so it is now safe to use.
I will update my first post there if I have some time tonight.

Coyote helped me to fix the issues with ARSSE, so thanks to him it is relatively safe now.
Title: Re: ARSSE vulnerability
Post by: Blazesign on April 25, 2007, 08:15:50 am
Omfg I've seen someone named ****** hacking in Leo's RSA! But it's not related to this, good job.

Please do discuss specific hacks or hackers on these forums. (http://forums.soldat.pl/index.php?action=help)
Title: Re: ARSSE vulnerability
Post by: ChiefBlackFoot on April 25, 2007, 05:48:13 pm
> Omfg I've seen someone named ****** hacking in Leo's RSA! But it's not related to this, good job.

you MUST be thinking of someone else.  no, seriously, YOUR MEMORY must fail you because that couldn't have been me.
I am only here for helping to fix vulnerabilities.  A "good hacker" in the true sense of the word, meaning the good connotation of someone who figures out how something works for the purposes of making it more safe.

-coyote
Title: Re: ARSSE vulnerability
Post by: Angelos Pontius on May 04, 2007, 06:31:02 pm
hehe ARSSE sounds funny.

On a more serious note, how does it work and how do these hackers appear to be infiltrating server admins?