| New FDS exploit fix (players can use admin commands) [message #164626] |
Thu, 28 July 2005 16:24  |
TimeFX
Messages: 25
Registered: January 2004
Location: Germany
Karma: 0
|
Recruit |
|
|
While going through linux server code I found a function what allows players to execute any console command on the server. For example every player can kick every other player on the server, players can send host message, players can shutdown the server and so on.
I made the patch for linux RH7 & RH8 and Windows dedicated server. Patching the windows game client isn't possible since RenGuard would disallow the change. I compiled the linux binary under SuSE 9.2 - hope it works.
Remember: You should make a backup of your renegade binary before patching.
To use the patch use "./rr_patch01 <your binary>"
Using the patch again will remove the changes.
Linux patcher: http://www.icefinch.net/rr/rr_patch01
Windows patcher: http://www.icefinch.net/rr/rr_patch01.exe
If you experience crashes after patching (which shouldn't happen) please report me your FDS version and the address where the crash occurred.
Greets,
TimeFX
IMPORTANT NOTE:
RenGuard 1.03 does NOT protect you from this exploit.
**EDIT**
This patch is CP1 compatible.
RH8: successfully tested
RH7: no feedback
WIN: no feedback
[Updated on: Thu, 28 July 2005 16:43] Report message to a moderator |
|
|
|
 Re: New FDS exploit fix (players can use admin commands) [message #164629 is a reply to message #164626] |
Thu, 28 July 2005 16:36  |
=HT=T-Bird
Messages: 712
Registered: June 2005
Karma: 0
|
Colonel |
|
|
Nice Catch! Looks like a good fix to stick in SSCP2. (once it gets some testing, of course)
HTT-Bird (IRC)
HTTBird (WOL)
Proud HazTeam Lieutenant.
BlackIntel Coder & Moderator.
If you have trouble running BIATCH on your FDS, have some questions about a BIATCH message or log entry, or think that BIATCH spit out a false positive, PLEASE contact the BlackIntel coding team and avoid wasting the time of others.
|
|
|
|
| Re: New FDS exploit fix (players can use admin commands) [message #164632 is a reply to message #164629] |
Thu, 28 July 2005 16:45 |
TimeFX
Messages: 25
Registered: January 2004
Location: Germany
Karma: 0
|
Recruit |
|
|
| =HT=T-Bird wrote on Fri, 29 July 2005 01:36 |
Nice Catch! Looks like a good fix to stick in SSCP2. (once it gets some testing, of course)
|
Thanks 
The exploit works in both directions, so server admins could execute console commands at the player's win client.
So they should fix that in client CP too 
But why waiting for SSCP2?
PS: Westwood sucks for adding this 'feature'...
[Updated on: Thu, 28 July 2005 16:45] Report message to a moderator |
|
|
|
|
|
| Re: New FDS exploit fix (players can use admin commands) [message #164635 is a reply to message #164626] |
Thu, 28 July 2005 17:31 |
|
|
Well it just so happens that scripts.dll/bhs.dll 2.1.3 (which will be out as soon as I fix a few things)
will disable these network events on both the client and the server (and a few others too)
Jonathan Wilson aka Jonwil
Creator and Lead Coder of the Custom scripts.dll
Renegade Engine Guru
Creator and Lead Coder of TT.DLL
Official member of Tiberian Technologies
|
|
|
|
|
|
|
|
|
|
|
|
Search
Help
Members
Register
Login
Home
