Welcome Guest ( Log In | Register )

Reply to this topicStart new topic
post Aug 1 2006, 01:17 AM
Post #1

Group Icon General of the Army

Group: RtCW/ET-Division

Joined: 3-December 04
From: Berlin, Germany
Member No.: 1791

UPDATE YOUR SERVERS! File exploit is being actively abused.

We have had several reports that people are actively exploiting the download vulnerability that exists in et prior to 2.60b and ETTV prior to beta-10. This exploit allows that to download your server.cfg files (and thus obtain your passwords) and depending on your server configuration, may allow them to download other sensitive files outside of the et directory.

Anyone running a server with downloads enabled should update to 2.60b or the latest ettv.

you DO NOT have to update to the new etpro, or require the clients to update. Just update the server.

The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082
ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip


Silver horses ran down moonbeams in your dark eyes.
Go to the top of the page
+Quote Post
post Sep 13 2006, 06:02 AM
Post #2


Group: Members

Joined: 13-September 06
Member No.: 33657

we also changed the passys in ours and saved them but DIDNT reboot the server for them to take effect , that way if some lametard decides to steal your server.cfg they get a totally dummy set of passwords :) just a tip
Go to the top of the page
+Quote Post
post Apr 30 2008, 12:25 PM
Post #3

Group Icon Staff Sergeant

Group: Members

Joined: 9-November 07
From: Eskishehir, Turkey
Member No.: 62324

All servers use 2.60 or 2.60b but some servers still use 2.55 !
Go to the top of the page
+Quote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:


RSS Lo-Fi Version Time is now: 17th January 2019 - 02:04 PM