« previous next »
Pages: [1]

Author Topic: Soldat Dedicated Server Security Flaw - Fix Released  (Read 7319 times)

0 Members and 1 Guest are viewing this topic.

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Soldat Dedicated Server Security Flaw - Fix Released
« on: March 08, 2007, 01:55:44 pm »
IMPORTANT: THIS FLAW CAN BE ABUSED TO DOWNLOAD -ANY- FILE OFF THE SERVER; USING RELATIVE PATHS IT'S POSSIBLE FOR SOMEONE TO DOWNLOAD SUCH THINGS AS PHP FILES THAT CONTAIN PASSWORDS FOR ROOT SERVER ACCESS. DISABLE FILE TRANSFER IMMEDIATELY UNTIL YOU UPGRADE!

A recent flaw with file sending has been discovered, that allows attackers to send a specially crafted string to the server and get your soldat.ini, and thus, your admin password. A fix has been released; see this topic.
« Last Edit: March 08, 2007, 11:03:48 pm by chrisgbk »
Logged

Offline truup

  • Soldier
  • **
  • Posts: 243
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #1 on: March 08, 2007, 03:15:31 pm »
GJ Enesce we trust in you.
Logged

Offline skc.r0adkill

  • Major(1)
  • Posts: 17
  • selfkill.com Head-Admin
    • selfkill.com
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #2 on: March 08, 2007, 03:55:08 pm »
 :-X
Logged
*have phun* =D

Offline KeYDoN

  • Major
  • *
  • Posts: 60
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #3 on: March 08, 2007, 03:57:39 pm »
:x :x
Logged

Offline Frenchie

  • Camper
  • ***
  • Posts: 358
  • SoldatHQ
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #4 on: March 08, 2007, 03:59:38 pm »
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Logged
Soldat Lobby Avec Players -New Release! - Updated AGAIN!

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #5 on: March 08, 2007, 04:02:14 pm »
Quote from: Frenchie on March 08, 2007, 03:59:38 pm
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.
Logged

Offline Clawbug

  • Veteran
  • *****
  • Posts: 1393
  • 1184!
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #6 on: March 08, 2007, 04:14:35 pm »
Quote from: chrisgbk on March 08, 2007, 04:02:14 pm
Quote from: Frenchie on March 08, 2007, 03:59:38 pm
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.
How was this flaw found then? :o
Logged
Fight! Win! Prevail!

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #7 on: March 08, 2007, 05:25:37 pm »
Quote from: Clawbug on March 08, 2007, 04:14:35 pm
Quote from: chrisgbk on March 08, 2007, 04:02:14 pm
Quote from: Frenchie on March 08, 2007, 03:59:38 pm
Just wondering, how many different versions does this bug affect?

Hope it hasn't been around that long.
Every version of the server that has file transfers is affected, even versions prior to 2.5.0. It's surprising that no one found this flaw earlier.
How was this flaw found then? :o

Well, I kind of can't tell you that without giving you details on how it works. But it's so simple, that I can't believe no one thought of it before, either to abuse it, or patch it.

READ THE NEW WARNING AT THE TOP OF THE ORIGINAL POST
« Last Edit: March 08, 2007, 05:30:42 pm by chrisgbk »
Logged

Offline Riax

  • Major(1)
  • Posts: 32
  • :M: Turbo Team!
    • Simplexity Network
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #8 on: March 08, 2007, 05:44:10 pm »
<_< I was just about to leave the forums when I saw the new reply to the thread by you. I'm glad I didn't; I have personal files on my server.

Thanks for the update.
Logged
Server Admin, MegaMod CTF

Founder, Simplexity Network // Fan, Machine Supremacy

Offline Leo

  • Soldat Beta Team
  • Veteran
  • ******
  • Posts: 1011
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #9 on: March 08, 2007, 06:10:00 pm »
Hmm.. since almost all my maps are custom I prefer to keep my servers down until patch released.
Logged

Offline EnEsCe

  • Retired Soldat Developer
  • Flamebow Warrior
  • ******
  • Posts: 3101
  • http://enesce.com/
    • [eC] Official Website
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #10 on: March 08, 2007, 09:22:10 pm »
Patch released.
Logged

Offline KeYDoN

  • Major
  • *
  • Posts: 60
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #11 on: March 08, 2007, 09:57:33 pm »
gj :D
Logged

Offline chrisgbk

  • Inactive Staff
  • Veteran
  • *****
  • Posts: 1739
Re: Soldat Dedicated Server Security Flaw - Fix Coming Later Today
« Reply #12 on: March 08, 2007, 11:02:17 pm »
Locked, since the newest server patch that addresses the issue is out, and no other information on this is currently necessary.
Logged
Pages: [1]
« previous next »