@Marco: <br><br>If you have a server <br>- without custom maps/mods/pam -> disable downloads: seta sv_allowDownload "0"<br>- with custom maps/mods/pam -> disable game console (set sv_disableClientConsole "1") + random .cfg name<br>
<br><br><br><div class="gmail_quote">On Tue, Sep 14, 2010 at 9:37 PM, Sheepa <span dir="ltr"><<a href="mailto:sheepa@sheepa.org">sheepa@sheepa.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Is there even any working POC for this?<br>
<br>
--------------------------------------------------<br>
From: "Marco Padovan" <<a href="mailto:evolutioncrazy@gmail.com" target="_blank">evolutioncrazy@gmail.com</a>><br>
Sent: Tuesday, September 14, 2010 8:14 PM<br>
To: "Call of Duty server admin list." <<a href="mailto:cod@icculus.org" target="_blank">cod@icculus.org</a>><div class="im"><br>
Subject: Re: [cod] Cfg download hacking<br>
<br>
</div><div><div></div><div class="h5"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I see...<br>
<br>
will take the "random cfg filename" path as all other workarounds are<br>
not acceptable for my use :(<br>
<br>
On Tue, Sep 14, 2010 at 8:01 PM, Morpheus <<a href="mailto:morpheus@clantoc.org" target="_blank">morpheus@clantoc.org</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
I think iptables is too low-level to deal with such specific hack attempts.<br>
At least you can use it to ban IP addresses you catch... It's sad it has not<br>
been fixed since discovery, with all the games that are using the<br>
codebase...<br>
<br>
Le 14/09/2010 19:32, Marco Padovan a écrit :<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
I'm aware of the exploits... was looking for some suggestion on how to<br>
fix them... even via iptables eventually...<br>
<br>
On Tue, Sep 14, 2010 at 6:56 PM, James Landi<<a href="mailto:jim@landi.net" target="_blank">jim@landi.net</a>> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
The exploit I just posted about could be an older version or not the same<br>
as described in this mail list thread.<br>
<br>
Using the second link should give you a good list of quake based exploits<br>
you may want to watch for.<br>
<br>
Sorry for the wrong link<br>
<br>
Jim Landi<br>
Rudedog<br>
FPSadmin.com<br>
Microsoft MVP, Games for Windows | Twitter@ therealrudedog<br>
<br>
<br>
On 9/14/10 12:25 PM, Morpheus wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
We're talking about the built-in download system, not the http redirect<br>
one, which you can control with symlinks and htaccess features. It's about a<br>
security hole that virtually exists in all q3-based games (at least for the<br>
net code).<br>
<br>
Le 14/09/2010 18:21, Mavrick a écrit :<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
Anyone tried symbolic links?<br>
<br>
On 14/09/2010 3:11 AM, Nosjp Nosjp wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<br>
The only one solution: set sv_allowDownload "0"<br>
<br>
On Mon, Sep 13, 2010 at 7:45 PM, Marco Padovan <<a href="mailto:evolutioncrazy@gmail.com" target="_blank">evolutioncrazy@gmail.com</a>> wrote:<br>
<br>
We are having major hack attempts that consist in people<br>
downloading the cfg files.... currently we had to use random<br>
file names...<br>
<br>
is there any solid work around?<br>
<br>
<br>
_______________________________________________<br>
cod mailing list<br>
<a href="mailto:cod@icculus.org" target="_blank">cod@icculus.org</a><mailto:<a href="mailto:cod@icculus.org" target="_blank">cod@icculus.org</a>><br>
<a href="http://icculus.org/mailman/listinfo/cod" target="_blank">http://icculus.org/mailman/listinfo/cod</a><br>
<br>
<br>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
</blockquote>
</blockquote>
</div></div></blockquote></div><br>
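The two options from the reply at the top of this thread, turned into a check an admin can run against a server config. This is an added example, not code from the list; the `srv_` file prefix and the choice to treat an unset cvar as not hardened are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The sample config below is constructed.

# Print the last value a config assigns to a cvar via set/seta/sets.
get_cvar() {
    awk -v name="$2" '
        { sub(/\/\/.*/, "") }                       # drop // comments
        tolower($1) ~ /^set[as]?$/ && tolower($2) == tolower(name) {
            val = $3; gsub(/"/, "", val)
        }
        END { if (val != "") print val }' "$1"
}

# Classify a config against the two options given in the message.
# Assumption: a cvar that is never set counts as "not hardened".
check_cfg() {
    dl=$(get_cvar "$1" sv_allowDownload)
    con=$(get_cvar "$1" sv_disableClientConsole)
    if [ "$dl" = "0" ]; then
        echo "ok: downloads disabled"
    elif [ "$con" = "1" ]; then
        echo "partial: downloads on, console disabled; use a random cfg name"
    else
        echo "exposed: downloads on and client console enabled"
    fi
}

# Rename a config to an unguessable name (64 random bits, hex) and print it.
# The "srv_" prefix is an arbitrary choice for this example.
randomize_cfg() {
    dir=$(dirname "$1")
    suffix=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
    new="$dir/srv_$suffix.cfg"
    mv -- "$1" "$new" && printf '%s\n' "$new"
}

# Demo on a constructed config in a temporary directory.
demo_dir=$(mktemp -d)
printf '%s\n' 'set sv_hostname "test"' \
    'seta sv_allowDownload "1" // custom maps' > "$demo_dir/server.cfg"
check_cfg "$demo_dir/server.cfg"
echo 'set sv_disableClientConsole "1"' >> "$demo_dir/server.cfg"
check_cfg "$demo_dir/server.cfg"
randomize_cfg "$demo_dir/server.cfg"
rm -rf "$demo_dir"
```

After a rename, the server's launch command has to exec the new file name.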