Author Topic: Soldat Dedicated Server Security Flaw - Fix Released  (Read 8222 times)

0 Members and 3 Guests are viewing this topic.

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Soldat Dedicated Server Security Flaw - Fix Released
« on: March 08, 2007, 01:55:44 pm »
IMPORTANT: THIS FLAW CAN BE ABUSED TO DOWNLOAD -ANY- FILE OFF THE SERVER; USING RELATIVE PATHS IT'S POSSIBLE FOR SOMEONE TO DOWNLOAD SUCH THINGS AS PHP FILES THAT CONTAIN PASSWORDS FOR ROOT SERVER ACCESS. DISABLE FILE TRANSFER IMMEDIATELY UNTIL YOU UPGRADE!

A recent flaw with file sending has been discovered, that allows attackers to send a specially crafted string to the server and get your soldat.ini, and thus, your admin password. A fix has been released; see this topic.
« Last Edit: March 08, 2007, 11:03:48 pm by chrisgbk »

Offline truup

  • Soldier
  • **
  • Posts: 243
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #1 on: March 08, 2007, 03:15:31 pm »
GJ Enesce we trust in you.

Offline skc.r0adkill

  • Major(1)
  • Posts: 17
  • selfkill.com Head-Admin
    • selfkill.com
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #2 on: March 08, 2007, 03:55:08 pm »
 :-X
*have phun* =D

Offline KeYDoN

  • Major
  • *
  • Posts: 60
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #3 on: March 08, 2007, 03:57:39 pm »
:x :x

Offline Frenchie

  • Camper
  • ***
  • Posts: 358
  • SoldatHQ
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #4 on: March 08, 2007, 03:59:38 pm »
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Soldat Lobby Avec Players -New Release! - Updated AGAIN!


Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #5 on: March 08, 2007, 04:02:14 pm »
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.

Offline Clawbug

  • Veteran
  • *****
  • Posts: 1393
  • 1184!
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #6 on: March 08, 2007, 04:14:35 pm »
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.
How was this flaw found then? :o
Fight! Win! Prevail!

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #7 on: March 08, 2007, 05:25:37 pm »
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.
How was this flaw found then? :o

Well, I kind of can't tell you that without giving you details on how it works. But it's so simple, that I can't believe no one thought of it before, either to abuse it, or patch it.

READ THE NEW WARNING AT THE TOP OF THE ORIGINAL POST
« Last Edit: March 08, 2007, 05:30:42 pm by chrisgbk »

Offline Riax

  • Major(1)
  • Posts: 32
  • :M: Turbo Team!
    • Simplexity Network
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #8 on: March 08, 2007, 05:44:10 pm »
<_< I was just about to leave the forums when I saw the new reply to the thread by you. I'm glad I didn't; I have personal files on my server.

Thanks for the update.
Server Admin, MegaMod CTF

Founder, Simplexity Network // Fan, Machine Supremacy

Offline Leo

  • Soldat Beta Team
  • Veteran
  • ******
  • Posts: 1011
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #9 on: March 08, 2007, 06:10:00 pm »
Hmm.. since almost all my maps are custom I prefer to keep my servers down until patch released.


Offline KeYDoN

  • Major
  • *
  • Posts: 60
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #11 on: March 08, 2007, 09:57:33 pm »
gj :D

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #12 on: March 08, 2007, 11:02:17 pm »
Locked, since the newest server patch that addresses the issue is out, and no other information on this is currently necessary.