[cod] SecurityFocus

Thu Feb 17 17:03:09 EST 2005

Hi,

My Quake 3 Arena 1.32 servers are fixed and tested with this patch.

Salu2

> Just an FYI, this patch doesn't seem to fix the vulnerability for Quake
> III Arena 1.32 servers (at least not on linux).
>
>
>
> On Thu, 17 Feb 2005, Nemeth wrote:
>
> > http://aluigi.altervista.org/adv/q3infoboom-adv.txt
> >
> > Nemeth
> >
> > Jolt Call of Duty Head Admin & PunksBusted.com Staff
> > cod.jolt.co.uk - #cod.jolt - punksbusted.com - #punksbusted
> >
> > todd at simops.com wrote:
> > > Ok, i missed the link to the patch...
> > > Wanna post it again for the blind?
> > > TLP
> > > ----- Original Message -----
> > > From: "Jay Vasallo" <jayco1 at charter.net>
> > > To: <cod at icculus.org>
> > > Sent: Thursday, February 17, 2005 12:50 AM
> > > Subject: Re: [cod] SecurityFocus
> > >
> > >
> > >
> > >>The beauty of running one main install versus one install per client.
> > >>Update one server and the rest get updated auto.
> > >>But yes his patch was nice, seeing that the lastest sof2 binaries were
not
> > >>patched fully.
> > >>
> > >>----- Original Message -----
> > >>From: "Matthew Keen" <Tali at heavenly-existance.net>
> > >>To: <cod at icculus.org>
> > >>Sent: Wednesday, February 16, 2005 11:41 PM
> > >>Subject: Re: [cod] SecurityFocus
> > >>
> > >>
> > >>
> > >>>Yeah we ran this patch on our SoF2 servers here down in the server
farm,
> > >>>works a treat, no more problems...
> > >>>
> > >>>Only annoying thing was taking the servers down first (or waiting for
> > >>>someoen to crash it) before I applied the patch on each server :)
> > >>>
> > >>>Jay Vasallo wrote:
> > >>>
> > >>>
> > >>>>I can feel your fustration. Untill recently, I had no idea I had a
> > >>>>"non-patched" sof2 linux binaries. Well someone banned someone for
> > >>>>cheating. So the little prick tracked down my range and keep taking
the
> > >>>>servers down three to 8 times a day. Since sof2 takes barely nothing
to
> > >>>>run, we place them on all one box. The exploit would crash every
server
> > >>>>on the box. Delta Ray fixed me right up with the Luigi patch and the
> > >>>>little hacker is now non-existant. So his patches certainly work. I
> > >
> > > could
> > >
> > >>>>guarantee that Ryan is gonna fix it up for the official release.
Ryan
> > >
> > > has
> > >
> > >>>>always done us right!
> > >>>>
> > >>>>-Jay
> > >>>>
> > >>>>
> > >>>>----- Original Message ----- From: "Ian mu" <mu.llamas at gmail.com>
> > >>>>To: <cod at icculus.org>
> > >>>>Sent: Wednesday, February 16, 2005 1:56 PM
> > >>>>Subject: Re: [cod] SecurityFocus
> > >>>>
> > >>>>
> > >>>>
> > >>>>>Yeah just want to apologise, if he has approached everyone and had
> > >>>>>negative feedback from them in terms of them fixing it (but then
again
> > >>>>>its tricky, if they aren't going to patch it for sure, isnt that
more
> > >>>>>reason to release a patch and not release the exploit?), then yes I
> > >>>>>can understand it more in truth, and I'm getting more of an
impression
> > >>>>>at least whilst I still wouldn't do it, he seems like someone who
at
> > >>>>>least has gone down the path of contacting the correct people, so
in
> > >>>>>that respect I'm probably a little hasty with comments, and fair
play
> > >>>>>to him on that side.
> > >>>>>
> > >>>>>I'm just in a bad mood as been trying to fix servers all day
because
> > >
> > > of
> > >
> > >>>>>it hehe.
> > >>>>>
> > >>>>
> > >>>
> > >>
> > >>
> > >
> > >
> > >
> >