[cod] Vulnerability if auto download is enabled on cod/coduo servers?
Christian
satanic.surfer.666 at web.de
Fri May 19 16:00:23 EDT 2006
Hi!
I think this is the best solution for this problem because I don't think
that a patch for this will be released...
I did the same at my cod and coduo server...
--
Chris
Andre Lorbach wrote:
> Ty! Guess I'm gonna disable allowdownload on servers running older games
> like sof2 which remain unsupported.
>
> Regards,
> deltaray
>
>
>> -----Original Message-----
>> From: satanic.surfer.666 at web.de [mailto:satanic.surfer.666 at web.de]
>> Sent: Thursday, May 18, 2006 2:45 PM
>> To: cod at icculus.org
>> Subject: Re: [cod] Vulnerability if auto download is enabled
>> on cod/coduo servers?
>>
>> Hi!
>>
>> I found this in the readme to the q3a/rtcw/et patches from id:
>>
>> ----------------
>> If you run a server with any older version, please upgrade or
>> consider turning off autodownload ( set sv_allowDownload to 0 ).
>> Wolfenstein: Enemy Territory servers http/ftp download feature is not
>> affected by CVE-2006-2082. If you don't wish to upgrade, you can
>> decide to only enable http/ftp downloads and disable legacy downloads
>> in that particular case.
>> ---------------
>>
>> --
>> Chris
>>
>>
>>
>> Andre Lorbach wrote:
>>
>>>> -----Original Message-----
>>>> From: satanic.surfer.666 at web.de [mailto:satanic.surfer.666 at web.de]
>>>> Sent: Thursday, May 18, 2006 2:32 PM
>>>> To: cod at icculus.org
>>>> Subject: Re: [cod] Vulnerability if auto download is enabled on
>>>> cod/coduo servers?
>>>>
>>>> Hi!
>>>>
>>>> ID fixes 2 vulnerabilities in the patches for Q3A, RTCW and ET. In
>>>> one vulnerability the client was affected, in one vulnerability the
>>>> server as you can see in this advisory:
>>>>
>>>> http://secunia.com/advisories/19984/
>>>>
>>>>
>>> Oh thx m8 I didn't see that before.
>>> This is not very good. This means an exploiter could be able to
>>> download all readable files from the server.
>>>
>>> Is turning off server side download sufficient as a workaround
>>> currently?
>>>
>>> --
>>> Regards
>>> deltaray
>>>
>>>
>>>
>>>
>
>