UPDATE YOUR SERVERS! file exploit is being actively abused

ReyalP
Posts: 1663
Joined: Fri Jul 25, 2003 11:44 am


Post by ReyalP »

We have had several reports that people are actively exploiting the download vulnerability that exists in ET prior to 2.60b and ETTV prior to beta-10. This exploit allows anyone who can connect to your server to download your server.cfg files (and thus obtain your passwords) and, depending on your server configuration, may allow them to download other sensitive files outside of the et directory.

Anyone running a server with downloads enabled should update to 2.60b or the latest ettv.

You DO NOT have to update to the new etpro, or require the clients to update. Just update the server.

The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082
ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip
Last edited by ReyalP on Tue Aug 01, 2006 4:30 pm, edited 1 time in total.
send lawyers, guns and money
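
Any password that sat in an exposed server.cfg has to be rotated after the update. The following is an added example, not part of the original post or of the ET/ETPro code: it inventories password cvars in a Quake 3 style config without echoing their values. The sample config is constructed, and treating every cvar whose name contains "password" as sensitive is an assumption, not an official list.

```python
import re

# Constructed sample config (not taken from any real server).
SAMPLE_CFG = '''\
// main server config
set sv_hostname "Example ET Server"
set rconpassword "hunter2"      // remote console
seta g_password ""
sets refereePassword "ref-secret"
set sv_privatePassword changeme
// set rconpassword "old-disabled"
exec campaign.cfg
'''

# Assumed syntax: [set|seta|sets|setu] name value, value optionally quoted.
LINE_RE = re.compile(
    r'^\s*(?:set[asu]?\s+)?(?P<name>\w+)\s+(?:"(?P<q>[^"]*)"|(?P<bare>[^\s;]+))',
    re.IGNORECASE)

def strip_comment(line):
    """Drop a // comment unless it sits inside double quotes."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and line.startswith('//', i):
            return line[:i]
    return line

def find_password_cvars(cfg_text):
    """Return [(line_no, cvar, is_set)] for cvars whose name contains 'password'.

    The value itself is never returned, so the report can be shared safely.
    """
    hits = []
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        m = LINE_RE.match(strip_comment(raw))
        if not m or 'password' not in m.group('name').lower():
            continue
        value = m.group('q') if m.group('q') is not None else m.group('bare')
        hits.append((no, m.group('name'), bool(value)))
    return hits
```

Every entry reported with `is_set` true is a credential to change once the server binary has been updated.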
mortis
Posts: 360
Joined: Tue Jul 06, 2004 11:57 pm
Location: at the center of the e-universe

Post by mortis »

Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net

--Mortis
deej
Posts: 743
Joined: Fri Mar 19, 2004 12:44 am
Location: Belgium!

Post by deej »

I took the liberty of copying your post on the following sites:

- ETPub
- Jaymod
- Xfire.be
- Gamestv.org

I suggest other big news sites should be poked with the same information.
Our servers now run on 64 bit steroids. Point your ET to:
- Forgotten Ground StopWatch Server with occasional wolfrof 1
- Fraggle Rock ETPub Server - Mix up ET/UT & Duke Nukem
ReyalP
Posts: 1663
Joined: Fri Jul 25, 2003 11:44 am

Post by ReyalP »

mortis wrote:
> Updated and running 3.2.6 beta 1 on 2.60b patch at newcastle.devrandom.net
>
> --Mortis

I'm sure mortis already knew this, but just to pre-empt the inevitable confusion: YOU DO NOT HAVE TO UPDATE ETPRO TO USE THE 2.60b or ETTV-B11 SERVER!
mortis
Posts: 360
Joined: Tue Jul 06, 2004 11:57 pm
Location: at the center of the e-universe

Post by mortis »

Yep, but it pays to be thorough, methinks.
Roadie
Posts: 17
Joined: Mon Sep 19, 2005 1:54 pm

Post by Roadie »

My server got hacked in just this manner, as did a close buddy clan's server.

Mine is being updated as I type here.

I've taken the time to post this link on my own website and forums, as well on that of my server host's site.
Toxicdave
Posts: 1
Joined: Sun Sep 04, 2005 2:56 am
Location: Bath, UK

Post by Toxicdave »

Lo all :)

Upgraded to 2.60b running etpro 3.2.5 due to netcoder/nixcoder tards grabbing the rcon passwords and generally being annoying gimps. All worked fine for a couple of weeks, but now the problems have occurred again.

The server was reset, and the rcon pw was changed. There was no record of it anywhere other than on a piece of paper on a desk, it was in no server config files, or in any password caches.

2 minutes later they had changed the rcon pw again. Any ideas about this? Do we have a new exploit that forces a change in the rcon pw?

Thanks,

Toxic.
bani
Site Admin
Posts: 2780
Joined: Sun Jul 21, 2002 3:58 am

Post by bani »

probably installed a backdoor on your server. wipe and reinstall from scratch, change passwords, etc.

i'd just file criminal charges with the police. done it before, it works. amazingly enough ISPs do respond to subpoenas. skript kiddies mighty surprised when police officers show up on their doorstep.
Herf
Posts: 99
Joined: Mon Jun 14, 2004 10:02 am

Post by Herf »

what charges did you file bani? Like what was the name of the crime? I guess crashing or attacking any server even a game server is illegal right now.

I would think, with WOW being a billion dollar business, that soon rather than later, they will make hacking games and such also illegal somehow. Probably would have to go after the coders who sell the hacks, I can't see much political/business support for criminal charges against the users.....

But if someone is selling 100 hacks, that mess with a game that is sold, then that should be illegal. Heck it may even be illegal now? As one cannot make like an ET mod, even though it's given away, and sell it right? So if Bani, selling his Banimod, would that be a criminal or just a civil offence?
bani
Site Admin
Posts: 2780
Joined: Sun Jul 21, 2002 3:58 am

Post by bani »

A while back a script kiddie from the Colorado School of Mines was attacking a server of mine. I tracked him down, reported him to the police. The police subpoena'd the school, the school provided evidence confirming the attacks. Apparently he had a prior history of script kiddiness and was already on probation by the school. The police showed up on his doorstep and he confessed on the spot. They confiscated his computers, he was caught with stolen credit cards and was expelled from school. I'm guessing he's probably still in prison.

Did a similar thing with a kiddie at some Australian university. Never heard back from the school but the attacks did stop permanently. Which proves that just being in another country is no guarantee you won't get busted.
Fusen
Posts: 264
Joined: Wed Feb 11, 2004 8:00 pm

Post by Fusen »

I'll never get busted

BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11

pwoned!!
Last edited by Fusen on Thu Mar 17, 2011 1:16 pm, edited 1 time in total.
Deus
Posts: 1053
Joined: Fri Mar 12, 2004 2:24 am
Location: Germany

Post by Deus »

Fusen wrote:
> I'll never get busted
>
> BECAUSE i DELETED MY IP SO YOU CAN'T FIND ME!!11
>
> pwoned!!

I know that it was 127.0.0.1
There is no way to escape evar!
deej
Posts: 743
Joined: Fri Mar 19, 2004 12:44 am
Location: Belgium!

Post by deej »

Deus wrote:
> I know that it was 127.0.0.1
> There is no way to escape evar!

OMG this guy had the same IP, look what happened to him!