Official Content > News

ARSSE vulnerbility

(1/6) > >>

chrisgbk:
A large vulnerbility with ARSSE has become known; if you use ARSSE, a hacker can cause your copy of ARSSE to execute arbitrary commands (most likely, said person will run /admip or /adm to give themselves admin access); said hacker can also cause your copy of ARSSE to freeze or crash, which not only prevents you from admining the server remotely, it will also most likely remove your clientside logs of anything happening. There is nothing you can change currently to prevent this from happening, so stop using ARSSE until KeFear fixes it.

1.4.0 will have some measures in place to prevent this, but at this time there won't be an update released to the dedicated server, because the exploit doesn't affect the server itself.

EnEsCe:
Lazy developer needs to fix his software.

*cough* KeFear *cough*

On a side note: (Customers of my server hosting don't need to worry about this)
You can make an iptables rule to block this exploit on outgoing TCP packets to your server port.

truup:
What about original admin program?

chrisgbk:
Original admin program is unaffected, but that's not to say it doesn't have it's own issues.

iDante:
hackers... seems like so much time is spent keeping loosers from breaking the game that could be spent making the game better... I suppose its life though.

Navigation

[0] Message Index

[#] Next page