r1ch.net forums
Author Topic: UNSUPPORTED, UNOFFICIAL Q2Admin Security Update!  (Read 76674 times)
R1CH
Administrator
Member

Posts: 2625



« on: January 27, 2005, 03:32:38 pm »


WARNING: This is an unsupported, unofficial release. It is provided AS IS with NO SUPPORT.

This is an updated Q2Admin (v1.17.43) that fixes a memory corruption bug and a huge security hole. This update is STRONGLY RECOMMENDED for EVERY server using Q2Admin 1.17 or later derivatives to avoid server instability and client compromises!

A new q2admin.txt setting, rcon_insecure, is also added. If set to 1, lrcon commands will be treated as rcon and sent back to the client (older versions of Q2Admin use this behaviour). This is very insecure, so this setting defaults to 0. The downside is that clients won't see the output of their lrcon commands.

I'd also recommend disabling the "whois" feature in Q2Admin; it's extremely buggy and leaves the server open to remote compromise. I don't plan on "fixing" this as it's just too broken to even start.

Download links have been removed, 1.17.44 is now available. Use that instead:
http://www.r1ch.net/forum/index.php?topic=478.0

Linux build appears to work with both r1q2ded and r1q2ded-old. It's built with GCC 2.95.3 with GlibC 2.1 so should be quite compatible.

Do NOT contact me requesting new features!
Do NOT contact me regarding support!

This release only exists for the purpose of fixing crashes people are reporting with the latest version of r1q2ded in combination with Q2Admin. No further work will be done on Q2Admin by myself.


WARNING: This is an unsupported, unofficial release. It is provided AS IS with NO SUPPORT.

« Last Edit: June 03, 2005, 08:33:28 pm by R1CH » Logged
iENO
Member

Posts: 7


« Reply #1 on: January 27, 2005, 03:40:48 pm »

In case anyone familiar with my builds is wondering about the numbering scheme going on: this one comes AFTER 1.326d so be sure to update your servers if you're running any (pre-)1.326d release and don't forget to say 'thank you r1ch' while you're at it!

See attached text file for custom settings...

* AppendSettings.txt (3.75 KB - downloaded 944 times.)
« Last Edit: January 27, 2005, 03:50:17 pm by iENO » Logged
WORM.
Member

Posts: 71


« Reply #2 on: January 27, 2005, 03:49:12 pm »

Thank you r1ch!
Logged
_DOA_MERLYN
Member

Posts: 35



« Reply #3 on: January 27, 2005, 05:27:09 pm »


very nice, thanks guyz...

Greetings to you iENO!

Logged
GhettoKID
Member

Posts: 8


« Reply #4 on: January 27, 2005, 05:43:38 pm »

nice nice
Thanks
I just love to update my quake2 servers
Logged
DZ
Member

Posts: 26


« Reply #5 on: January 27, 2005, 07:35:35 pm »

Thank you R1CH.

Now how do I install this thing.

Logged
dk_sn1p3r
Member

Posts: 23


« Reply #6 on: January 28, 2005, 05:47:31 am »

iENO, have you updated R1ch's q2 admin or is this the current version of q2admin?
Logged
GhettoKID
Member

Posts: 8


« Reply #7 on: January 28, 2005, 08:23:34 am »

After I changed to this Q2Admin version I got an extra 50mb free mem
Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #8 on: January 28, 2005, 09:50:17 am »

My release is based on IENO's latest version.
Logged
QwazyWabbit
Member

Posts: 402


« Reply #9 on: January 28, 2005, 01:51:11 pm »

I'm confused. Is this based on killerbee's original 1.17? How far is iENO's fork departed from the last released 1.17? Is the source available somewhere?
Logged
_DOA_MERLYN
Member

Posts: 35



« Reply #10 on: January 28, 2005, 03:16:16 pm »


I think iENO has updated the source to v1.32, unless he scrapped that and went back and updated v1.17 with this new release... there were lots of updates after v1.17 but not by the original author; I think the Q2Ace guys updated it for a while after that (v1.18 to v1.31?) and then iENO went to work up to the present (I think it's v1.32a to v1.326d)...

« Last Edit: January 28, 2005, 03:18:27 pm by _DOA_MERLYN » Logged
R1CH
Administrator
Member

Posts: 2625



« Reply #11 on: January 28, 2005, 03:59:16 pm »

History of Q2Admin as I know it:

1.17
Last official release by KillerBee.

1.2x, 1.31?
Unofficial versions used to enforce Q2Ace.

1.32xxx
IENO's first modifications.

1.17.xx
IENO's further modifications adding new features and bug fixes.

1.17.43
This fixed version.
Logged
Nick
Member

Posts: 211


« Reply #12 on: January 28, 2005, 04:05:00 pm »

I had a version too! But all I did was fix a thing quake2 ddayers got up to.

This was the public version only:

http://www.nick.ukfsn.org/q2admin/

I also added a 'who voted this' in the display for everybody, but I don't think I ever released that code... I think

Nick
Logged
fanny
Member

Posts: 27


« Reply #13 on: January 29, 2005, 03:18:25 am »

Since we installed this version of q2admin we get a lot of "player frozen for exceeding the speed limit" but the client(s) are not speeding or using hacked clients, any ideas??
Logged
mortalmatt
Member

Posts: 37


« Reply #14 on: January 29, 2005, 11:25:20 am »

keep up the good work, ieno and r1ch
Logged