![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]()
Post
#1
|
|
![]() ![]() Group: RtCW/ET-Division Joined: 3-December 04 From: Berlin, Germany Member No.: 1791 ![]() |
UPDATE YOUR SERVERS! File exploit is being actively abused.
QUOTE(reyalP) We have had several reports that people are actively exploiting the download vulnerability that exists in et prior to 2.60b and ETTV prior to beta-10. This exploit allows that to download your server.cfg files (and thus obtain your passwords) and depending on your server configuration, may allow them to download other sensitive files outside of the et directory.
Anyone running a server with downloads enabled should update to 2.60b or the latest ettv. you DO NOT have to update to the new etpro, or require the clients to update. Just update the server. The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082 ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip -------------------- |
|
|
![]() ![]() |
![]() |
Lo-Fi Version | Time is now: 1st August 2024 - 06:51 AM |