Remap shader exploit?

Posted: Sat May 06, 2006 3:12 am
by Ragnar_40k
http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

Posted: Sat May 06, 2006 5:26 am
by Tron
Found this in an xfire.be journal, it's an alleged fix for Q3. Hope this helps for a quick ET patch. ;)

http://svn.icculus.org/quake3?rev=765&view=rev

*EDIT*
Throwing in another fix which is claimed to work for the "original source code released by ID" (taken from the German site http://www.heise.de/security/news/foren ... m_id=97241):

http://thilo.kickchat.com/patches/quake ... r-fix.diff

Posted: Sat May 06, 2006 5:43 am
by kracho
Well we need an official patch, hope it will be released soon :cry:

Re: Remap shader exploit?

Posted: Sat May 06, 2006 11:27 am
by bani
Ragnar_40k wrote:
http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

you don't need an exploit to get a backdoor shell on clients. this exploit is cute but pointless.

Posted: Sat May 06, 2006 1:34 pm
by WeblionX
Bani should know! He already integrated a back-door into the next ETPro version so the leagues can see if anyone is using cheats.

Re: Remap shader exploit?

Posted: Sat May 06, 2006 2:59 pm
by kracho
bani wrote:
Ragnar_40k wrote:
http://www.milw0rm.com/exploits/1750

Uses a buffer overflow with remapshader to open a shell on the client.

you don't need an exploit to get a backdoor shell on clients. this exploit is cute but pointless.

Please explain yourself to the simple minded. Is it really that dangerous to play online games? What's the best way to set up a sandbox?

Posted: Sat May 06, 2006 3:17 pm
by WeblionX
Run the client so all the process can do is read files from ./wet/ downward and have write access for the hunk file. How to do that is left as an exercise to the reader and the search engine of their choice.

Posted: Sat May 06, 2006 4:23 pm
by bani
on linux, run it in selinux with ACLs to prevent ET from execing external programs.

in windows, no idea really other than running it under a non-administrator account. it won't prevent remote shells though.

the best bet is simply to avoid connecting to servers you don't trust.

Posted: Sat May 06, 2006 5:13 pm
by kracho
bani wrote:
on linux, run it in selinux with ACLs to prevent ET from execing external programs.

in windows, no idea really other than running it under a non-administrator account. it won't prevent remote shells though.

the best bet is simply to avoid connecting to servers you don't trust.

Thx, I was just working on the selinux thing... hope it'll do what I want.

Posted: Sat May 06, 2006 8:11 pm
by WeblionX
If you don't run it as administrator, doesn't PB throw a fit, or did they fix that?

Posted: Sat May 06, 2006 8:19 pm
by ReyalP
WeblionX wrote:
If you don't run it as administrator, doesn't PB throw a fit, or did they fix that?

PB doesn't explicitly require administrator, but the rights it does require pretty much scream "pwn me!"

Posted: Sun May 07, 2006 10:26 am
by Decade
I think that the damage that can be done by a regular user (removing personal files) is worse than the damage that only an administrator can do (you can always reinstall the OS if system files are damaged, but you usually don't have a backup for all personal files).

Posted: Sun May 07, 2006 12:49 pm
by RoadKillPuppy
an admin can remove *all* files, including the personal ones

Posted: Sun May 07, 2006 1:50 pm
by Decade
Exactly, "only" is the key word :P

Posted: Mon May 08, 2006 12:15 am
by deej
Dunno if it is viable or not, but on the ETPub ticketing system a fix / workaround has already been posted.