[bf1942] bf1942 exploit

Brad Davidson kiloman at oatmail.org
Wed Feb 26 16:43:07 EST 2003


Daniel Valois said:
> http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html

Seen it.

Along with the thing about spoofing the source IP on UDP packets when
requesting Gamespy info so that it floods the poor bastard that you
spoofed.

Would be nice if the SOB had tested with a modern version of BF. Rconsole
on 1.2 sucked ass in general, I'm sure there's a lot more stuff that could
kill it. Shit, I could kill it by using their actual rconsole tool
occasionally.

If you're worried about it right now, set up an IPFilter rule that only
allows connections to the rconsole port from certain IPs that you trust,
or use TCP Wrappers to do the same.

Actually, this is probably a good idea in general, since there's nothing
preventing anyone from brute-forcing the password over time.

This is Linux. If you're running BF as a privileged user and don't have
any other security set up to prevent people from getting into the system,
you're not prepared to use Unix. Firewall rules, chroot jails, and
nonprivileged operation should be part of running ANY publicly
accessible service, especially closed-source ones whose code integrity
cannot be verified.
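
[Added example, not part of the original message: one way to write the IPFilter allow-list suggested above as an ipf.conf fragment, with blocked attempts logged so that password guessing against the console shows up in the ipmon log. The port number 4711 and the 192.0.2.x / 198.51.100.x addresses are assumptions and placeholders; substitute the rconsole port your server is configured with and your own admin hosts.]

```conf
# ipf.conf fragment (constructed example).
# Assumption: the remote console listens on TCP 4711; change to match
# your server's configured rconsole port.

# Trusted admin hosts (placeholder documentation addresses).
# "quick" stops rule processing on the first match, so these must come
# before the block rule below.
pass in quick proto tcp from 192.0.2.10/32 to any port = 4711 flags S keep state
pass in quick proto tcp from 198.51.100.0/28 to any port = 4711 flags S keep state

# Everyone else: drop and log. Logged hits are readable through ipmon
# and show who is probing the console port.
block in log quick proto tcp from any to any port = 4711
```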




