[cod] Vulnerability if auto download is enabled on cod/coduo servers?
Andre Lorbach
alorbach at ro1.adiscon.com
Thu May 18 09:03:40 EDT 2006
Ty! Guess I'm gonna disable allowdownload on servers running older games
like sof2 which remain unsupported.
Regards,
deltaray
> -----Original Message-----
> From: satanic.surfer.666 at web.de [mailto:satanic.surfer.666 at web.de]
> Sent: Thursday, May 18, 2006 2:45 PM
> To: cod at icculus.org
> Subject: Re: [cod] Vulnerability if auto download is enabled
> on cod/coduo servers?
>
> Hi!
>
> I found this in the readme to the q3a/rtcw/et patches from id:
>
> ----------------
> If you run a server with any older version, please upgrade or
> consider turning off autodownload (set sv_allowDownload to 0).
> Wolfenstein: Enemy Territory servers http/ftp download feature is
> not affected by CVE-2006-2082. If you don't wish to upgrade, you
> can decide to only enable http/ftp downloads and disable legacy
> downloads in that particular case.
> ---------------
>
> --
> Chris
>
>
>
> Andre Lorbach wrote:
> >> -----Original Message-----
> >> From: satanic.surfer.666 at web.de [mailto:satanic.surfer.666 at web.de]
> >> Sent: Thursday, May 18, 2006 2:32 PM
> >> To: cod at icculus.org
> >> Subject: Re: [cod] Vulnerability if auto download is enabled on
> >> cod/coduo servers?
> >>
> >> Hi!
> >>
> >> ID fixes 2 vulnerabilities in the patches for Q3A, RTCW and ET. In
> >> one vulnerability the client was affected, in one vulnerability the
> >> server as you can see in this advisory:
> >>
> >> http://secunia.com/advisories/19984/
> >>
> >
> > Oh thx m8 I didn't see that before.
> > This is not very good. This means an exploiter could be able to
> > download all readable files from the server.
> >
> > Is turning off server side download sufficient as a workaround
> > currently?
> >
> > --
> > Regards
> > deltaray
> >
> >
> >
>
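
The workaround quoted from the id readme above (set sv_allowDownload to 0) can be checked across server configs with a small script. This is an added example, not part of the original thread or of any id/CoD tooling; it assumes Quake 3 engine config syntax (set/seta/sets/setu, // comments, last assignment wins), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective sv_allowDownload value in a server config.
# Assumption: Quake 3 engine cfg syntax; cvar names are case-insensitive and
# the last assignment in the file is the one that takes effect.

effective_allowdownload() {
    # Prints the last value assigned to sv_allowDownload, or "unset".
    awk '
        BEGIN { val = "unset" }
        {
            sub(/\/\/.*/, "")              # strip // comments
            n = split($0, cmds, ";")       # several commands may share a line
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                gsub(/"/, " ", c)          # drop quoting around values
                split(c, f, /[ \t]+/)
                k = 1
                if (f[k] == "") k++        # leading whitespace gives an empty field
                if (tolower(f[k]) ~ /^set[asu]?$/) k++
                if (tolower(f[k]) == "sv_allowdownload" && f[k+1] != "")
                    val = f[k+1]
            }
        }
        END { print val }
    ' "$1"
}

audit_cfg() {
    # Returns 0 only when downloads are explicitly disabled in this file.
    v=$(effective_allowdownload "$1")
    case "$v" in
        0)     echo "OK    $1: sv_allowDownload=0"; return 0 ;;
        unset) echo "CHECK $1: sv_allowDownload not set, engine default applies"; return 1 ;;
        *)     echo "WARN  $1: sv_allowDownload=$v (downloads enabled)"; return 1 ;;
    esac
}

# Audit every config file passed on the command line.
for cfg in "$@"; do
    audit_cfg "$cfg" || true
done
```

A file reported as CHECK needs the running server's value confirmed, since a cvar can also be set on the command line or left at the engine default.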