Is ETTV B9 vulnerable to the directory traversal bug?

Forum for discussing ET TV

Lekdevil.NL
Posts: 89
Joined: Fri Sep 12, 2003 8:59 am

Post by Lekdevil.NL »

Topic says it all, really. Does this security vulnerability (CVE-2006-2082) occur in ETTV beta 9 as well? If so, any timeline for fixing it and releasing an update?

Thanks.
arni
Posts: 188
Joined: Sun Feb 20, 2005 2:32 pm

Post by arni »

if it is, we'd need an ettv b4 and a b7 release without the bug, the combination of these two is the only one that really works for productive use.

(btw: the "matchserver crash bug" i reported some time ago is also caused by connected b9 ettvs .....)
Spoofeh
Posts: 296
Joined: Sat Jul 26, 2003 4:50 am

Post by Spoofeh »

Not sure if this is an option for you:
Readme.txt wrote: Wolfenstein: Enemy Territory servers http/ftp download feature is not affected by CVE-2006-2082. If you don't wish to upgrade, you can decide to only enable http/ftp downloads and disable legacy downloads in that particular case.
arni
Posts: 188
Joined: Sun Feb 20, 2005 2:32 pm

Post by arni »

looks to me like id software doesn't know their own code - at least for et setting cl_allowdownload 0 also turns off web download even if that's enabled.

so only solution is to turn it off completely
Lekdevil.NL
Posts: 89
Joined: Fri Sep 12, 2003 8:59 am

Post by Lekdevil.NL »

Yeah, what arni said (although cl_allowdownload is the client-side cvar controlling downloads). Setting sv_allowDownload to "0" will disable all types of download, both in-band and http/ftp.
Lekdevil.NL
Posts: 89
Joined: Fri Sep 12, 2003 8:59 am

Post by Lekdevil.NL »

Any of the ETPro/ETTV developers care to comment, please?
WeblionX
Posts: 762
Joined: Sun Sep 08, 2002 1:03 pm

Post by WeblionX »

Not really, they're busy listening to vinyl on tube-amps and getting drunk while talking about the good ol' days. I hear they're planning on expanding it to a week long event, maybe even twice a year, so you might have to wait a little. :D
Got any old idtech3 tutorials you made or saved? Send them my way.