[bf1942] [BF42] EXPLOIT!

Phillip Marzi webmaster at ravencity.de
Wed Feb 25 20:41:51 EST 2004

No, it is not public yet because the guys who said that they have the 
exploit are not interested in making it public. At least that's what they 
said to me.

The picture shows a hlsw window (server monitoring tool) and a shell with 
some text output of bf server variables.
The last line of the output is a short text which says that the server is 

I've talked to someone who had said he had the code and asked him to 
demonstrate the exploit on my linux server, but the exploit had done really 
nothing, at least on my server which has the actual bf server version running.

After he had noticed that nothing happened to the server he told me that it 
only works on linux server older than 1.6RC2 or on windows servers.


At 19:53 25.02.2004 -0500, you wrote:
>At 01:38 AM 2/26/2004 +0100, you wrote:
>>Smells like a hoax if you ask me.
>>I'd wait with the insertion of code into my binaries and I recommend 
>>everyone else doing the same.
>I don't know about a hoax but I completely agree with your recommendation. 
>Editing code in a panic on the basis of one email to a list would be 
>unwise. For all we know at this point, the address was spoofed and the 
>edit is the exploit.
>I am not suggesting it is, just that anything can happen. That link brings 
>up a 404 page for me and I can't find a word about it on any of the 
>security sites, Google or Yahoo. If it does exist, it is not in the wild yet.
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.591 / Virus Database: 374 - Release Date: 2/17/2004

More information about the Bf1942 mailing list