r1ch.net forums
* Home Help Search Login Register
r1ch.net  |  r1ch.net stuff  |  R1Q2  |  Topic: Q2Admin 1.17.44 Released - CRITICAL UPDATE
Pages: [1] 2 3 4  All
Print
Author Topic: Q2Admin 1.17.44 Released - CRITICAL UPDATE  (Read 93872 times)
R1CH
Administrator
Member

Posts: 2625



« on: June 03, 2005, 08:24:29 pm »

While reviewing the Q2Admin code, I have discovered several critical vulnerabilities in the handling of certain commands that can lead to arbitrary code execution. An updated version, 1.17.44, is now available. Please update any servers using 1.17.43 immediately and please notify any admins you personally know who may be running vulnerable versions.

Linux binary:
http://r-1.ch/q2admin-1.17.44-linux-update.zip

Win32 binary:
http://r-1.ch/q2admin-1.17.44-win32-update.zip

Source code:
http://r-1.ch/q2admin-1.17.44-source.zip

Changes:
  • Patched two critical security bugs exploitable by remote users.

  • Patched a security bug exploitable by users with rcon.

  • Improved 'whois' command so it does not crash the server.

  • Long lrcon commands should no longer crash the server.

  • Removed broken NoCheat 2.34 version checking.

  • Added proper GPL headers to the source code.


Full details of the security issues will be released in three months.
« Last Edit: June 03, 2005, 08:45:43 pm by R1CH » Logged
WHO
Member

Posts: 26


« Reply #1 on: June 04, 2005, 06:22:12 am »

thx mate, can I ask:

Patched a security bug exploitable by users with rcon.


..........................:/  Huh

or should I ask privately in this matter?
Logged
Xtife
Guest
« Reply #2 on: June 04, 2005, 09:39:26 am »

are you maintaining q2admin now?

just wondering if this would be betetr then ar-admin
Logged
incith
Member

Posts: 27



« Reply #3 on: June 05, 2005, 12:50:37 am »

Is there a list of all the new settings since the last release on planetquake somewhere?

Also, great job R1CH, all around.. you have many a project. Smiley

Edit: And hello everyone!
Logged
Bossman
Member

Posts: 486


« Reply #4 on: June 05, 2005, 10:04:57 am »

 Here is one from iENO

Sorry bout that pasted wrong one here.
« Last Edit: June 05, 2005, 04:14:24 pm by Bossman » Logged
incith
Member

Posts: 27



« Reply #5 on: June 05, 2005, 11:13:51 am »

Is that the correct thread? embarassed

Edit:
Decided to search, had searched before mind you, but this time I searched for iENO in advanced search tongue
http://www.r1ch.net/forum/index.php?topic=253.0

Thanks. Smiley
« Last Edit: June 05, 2005, 11:20:50 am by incith » Logged
quadz
Member

Posts: 16


« Reply #6 on: June 05, 2005, 11:24:31 am »

Kick-ass, r1ch !!

On behalf of your fans at tastyspleen, YOU ROCK !!!!

Smiley

never-quadz
Logged
incith
Member

Posts: 27



« Reply #7 on: June 07, 2005, 02:42:00 am »

So I was setting up a server tonight for our clan, it was working fine, then I added q2admin (latest release by you), and now both r1q2ded and r1q2ded-old die saying that gamei386.so.real is API version 0.. both r1q2ded and -old run the .so when it is used without q2admin..

This is under Linux.

Regards~

Edit: Oops! Bleh. I had it .so.real. *laugh*
« Last Edit: June 07, 2005, 07:40:27 am by incith » Logged
dk_sn1p3r
Member

Posts: 23


« Reply #8 on: June 07, 2005, 04:41:06 pm »

iENO can you post your configs for the latest version of q2admin possibly i have no idea what all the new features for q2admin are and don't have the latest configs...

Any help would be appreciated!

Thx
Logged
Cocolino
Guest
« Reply #9 on: June 07, 2005, 04:42:50 pm »

command "!mute" does not work properly. Sad
maybe you can include this commant to r1q2ded ? 


Logged
Bossman
Member

Posts: 486


« Reply #10 on: June 08, 2005, 07:30:29 am »

  Are you doing it like thiis?

sv !mute matt  400

That would shut matt  up for 400 seconds

sv !mute [LIKE/RE/CL] name [time (seconds)/PERM

Hey dk_sn1p3r go up a few spots to  incith  he gots the page there.
« Last Edit: June 08, 2005, 07:33:44 am by Bossman » Logged
QwazyWabbit
Member

Posts: 402


« Reply #11 on: June 11, 2005, 10:23:33 pm »

What causes message "%s tried to flood the server (2)" to be sent by q2admin 1.17.44?
Logged
Snake
Member

Posts: 184


« Reply #12 on: June 12, 2005, 02:31:44 am »

Too many userinfo changes sent. From the q2admin.txt that I have:

; there's an exploit in q2admin which means that if you send a lot of
; userinfo changes to it then it overflows it's command
; queues and actually makes the player invisible to the q2admin but not
; the game or server.  this means none of q2admins checks will work.
; don't worry it's not commonly used but we did see that it was being used
; in the id3 modified ratbot as another level of throwing q2admin.
;
; this exploit can also be used to crash the server often with wierd
; messages like bad magic overflow (iirc).

; maximum amount of times a player can change their userinfo before being
; kicked for server flooding
;
userinfochange_count "40"


; amount of time in seconds a player can reach their maximum number of
; userinfo changes
;
userinfochange_time "60"
Logged
QwazyWabbit
Member

Posts: 402


« Reply #13 on: June 12, 2005, 07:48:08 am »

Thanks Snake,

That's exactly what was happening. The player had a hand 2/0 change in his attack binds.

QW
« Last Edit: June 12, 2005, 08:11:05 am by QwazyWabbit » Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #14 on: September 23, 2005, 04:53:57 pm »

Full details of the security issues will be released in three months.
Buffer overflow in admin/refereee logging code allows arbitrary code execution by any client. sprintf() of command line into 256 byte buffer, game over.
Buffer overflow in rcon password exploit logging function allows arbitrary code execution by any client trying to exploit the rcon password. sprintf() into 256 byte buffer with user-supplied parameters, boom.
Logged
Pages: [1] 2 3 4  All
Print
r1ch.net  |  r1ch.net stuff  |  R1Q2  |  Topic: Q2Admin 1.17.44 Released - CRITICAL UPDATE
Jump to:  

Powered by SMF 1.1.19 | SMF © 2013, Simple Machines