sl.Home | sl.Search | sl.Forum | sl.Settings | sl.Serverlist | sl.Maplist | sl.Team | sl.Wiki |
UPDATE YOUR SERVERS!, RTCWET |
Aug 1 2006, 01:17 AM
Post
#1
|
|
General of the Army Group: RtCW/ET-Division Joined: 3-December 04 From: Berlin, Germany Member No.: 1791 |
UPDATE YOUR SERVERS! File exploit is being actively abused.
QUOTE(reyalP) We have had several reports that people are actively exploiting the download vulnerability that exists in et prior to 2.60b and ETTV prior to beta-10. This exploit allows that to download your server.cfg files (and thus obtain your passwords) and depending on your server configuration, may allow them to download other sensitive files outside of the et directory.
Anyone running a server with downloads enabled should update to 2.60b or the latest ettv. you DO NOT have to update to the new etpro, or require the clients to update. Just update the server. The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082 ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip -------------------- |
|
|
Sep 13 2006, 06:02 AM
Post
#2
|
|
Private Group: Members Joined: 13-September 06 Member No.: 33657 |
we also changed the passys in ours and saved them but DIDNT reboot the server for them to take effect , that way if some lametard decides to steal your server.cfg they get a totally dummy set of passwords :) just a tip
|
|
|
Apr 30 2008, 12:25 PM
Post
#3
|
|
Staff Sergeant Group: Members Joined: 9-November 07 From: Eskishehir, Turkey Member No.: 62324 |
All servers use 2.60 or 2.60b but some servers still use 2.55 !
|
|
|
Lo-Fi Version | Time is now: 28th April 2024 - 01:34 AM |