Remap shader exploit?

Ragnar_40k · Post by **Ragnar_40k** » Sat May 06, 2006 3:12 am

http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

Tron · Post by **Tron** » Sat May 06, 2006 5:26 am

Found this in a xfire.be journal, it's an alleged fix for Q3. Hope this helps for a quick ET patch.

http://svn.icculus.org/quake3?rev=765&view=rev

*EDIT*
Throwing in another fix which is claimed to work for the "original source code released by ID" (taken from the German site http://www.heise.de/security/news/foren ... m_id=97241):

http://thilo.kickchat.com/patches/quake ... r-fix.diff

kracho · Post by **kracho** » Sat May 06, 2006 5:43 am

Well we need an official patch, hope it will be released soon

Post by **bani** » Sat May 06, 2006 11:27 am

Ragnar_40k wrote:http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

you don't need an exploit to get a backdoor shell on clients. this exploit is cute but pointless.

WeblionX · Post by **WeblionX** » Sat May 06, 2006 1:34 pm

Bani should know! He already integrated a back-door into the next ETPro version so the leagues can see if anyone is using cheats.

kracho · Post by **kracho** » Sat May 06, 2006 2:59 pm

bani wrote:
Ragnar_40k wrote:http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.
you don't need an exploit to get a backdoor shell on clients. this exploit is cute but pointless.

Please explain yourself to the simple minded. Is it really that dangerous to play online games? What's the best way to set up a sandbox?

WeblionX · Post by **WeblionX** » Sat May 06, 2006 3:17 pm

Run the client so all the process can do is read files from ./wet/ downward and have write access for the hunk file. How to do that is left as an exercise to the reader and the search engine of their choice.

Post by **bani** » Sat May 06, 2006 4:23 pm

on linux, run it in selinux with ACLs to prevent ET from execing external programs.

in windows, no idea really other than running it under a non administrator account. it wont prevent remote shells though.

the best bet is simply to avoid connecting to servers you don't trust.

kracho · Post by **kracho** » Sat May 06, 2006 5:13 pm

bani wrote:on linux, run it in selinux with ACLs to prevent ET from execing external programs.

in windows, no idea really other than running it under a non administrator account. it wont prevent remote shells though.

the best bet is simply to avoid connecting to servers you don't trust.

Thx I was just working on the selinux thing .. hope it'll do what I want

WeblionX · Post by **WeblionX** » Sat May 06, 2006 8:11 pm

If you don't run it as administrator, doesn't PB throw a fit, or did they fix that?

ReyalP · Post by **ReyalP** » Sat May 06, 2006 8:19 pm

WeblionX wrote:If you don't run it as administrator, doesn't PB throw a fit, or did they fix that?

PB doesn't explicitly require administrator, but the rights it does require pretty much scream "pwn me!"

Decade · Post by **Decade** » Sun May 07, 2006 10:26 am

I think that the damage that can be done by a regular user (removing personal files) is worse than the damage that only an administrator can do (you can always reinstall the os if system files are damaged, but you usually don't have backup for all personal files)

RoadKillPuppy · Post by **RoadKillPuppy** » Sun May 07, 2006 12:49 pm

an admin can remove *all* files, including the personal ones

Decade · Post by **Decade** » Sun May 07, 2006 1:50 pm

Exactly, "only" is the key word

deej · Post by **deej** » Mon May 08, 2006 12:15 am

Dunno if it is viable or not but on the ETPub ticketing system a fix / workaround has already been posted.

banimod / etpro / ettv forums

Remap shader exploit?

Remap shader exploit?

Re: Remap shader exploit?

Re: Remap shader exploit?