[cod] Vulnerability if auto download is enabled on cod/coduo servers?
Christian
satanic.surfer.666 at web.de
Thu May 18 08:45:05 EDT 2006
Hi!
I found this in the readme to the q3a/rtcw/et patches from id:
----------------
If you run a server with any older version, please upgrade or consider
turning off autodownload ( set sv_allowDownload to 0 ). Wolfenstein:
Enemy Territory servers http/ftp download feature is not affected by
CVE-2006-2082. If you don't wish to upgrade, you can decide to only
enable http/ftp downloads and disable legacy downloads in that
particular case.
---------------
--
Chris
Andre Lorbach wrote:
>> -----Original Message-----
>> From: satanic.surfer.666 at web.de [mailto:satanic.surfer.666 at web.de]
>> Sent: Thursday, May 18, 2006 2:32 PM
>> To: cod at icculus.org
>> Subject: Re: [cod] Vulnerability if auto download is enabled
>> on cod/coduo servers?
>>
>> Hi!
>>
>> ID fixes 2 vulnerabilities in the patches for Q3A, RTCW and
>> ET. In one vulnerability the client was affected, in one
>> vulnerability the server as you can see in this advisory:
>>
>> http://secunia.com/advisories/19984/
>>
>
> Oh thx m8 I didn't see that before.
> This is not very good. This means an exploiter could be able to download
> all readable files from the server.
>
> Is turning off server side download sufficient as a workaround
> currently?
>
> --
> Regards
> deltaray
>
>
>