Security Vulnerabilities in <= 0.2.7.0
I don't know much about the security vulnerabilities and I'm not that interested in finding out. I'm sure that you guys do your best to fix them before they become too much of a problem.
However, I have come across a site where there are exploits posted, and not only that but (as far as I can tell) the .exe to do them. I've not gone through all the files on this website, but there are a few exploits, probably all of which are fixed. Just in case they aren't fixed, and just so you know that there may be an easy way (the provided .exe file) for people that don't know about them to use them.
It would be pretty irresponsible to post the site here, even if the chances are you have already fixed the exploits. PMs sent with the URL to z-man and Tank.
z-man wrote: Thanks, Matrox. Unless the content of the archives changed (the description hasn't), those are the exploits that were fixed.
You're welcome. It's pretty sad when someone provides the details of exploits and the "proof of concepts" for purposes other than "education", but not only that, and even worse, the .exe file to do it with. Little if any knowledge required.
The fixing of security exploits seems, on the whole (not specifically talking about Armagetron), a pretty thankless task. It seems with a lot of programmes, when exploits are found, the developers get it in the neck for allowing these exploits to be in their "code". When fixed, they seem to get little, if any, thanks. I guess people must think, if it was done properly in the first place then there wouldn't be any exploits to find. However, developers are only human and everybody makes mistakes, and a lot of the time, it seems, the discovered exploits are new ways that would have been an issue at the time of the programme's release.
Best of luck with all.
Matrox wrote: It's pretty sad when someone provides the details of exploits and the "proof of concepts" for purposes other than "education", but not only that, and even worse, the .exe file to do it with. Little if any knowledge required.
Luigi contacted us (me & Tank independently) per mail months ago, and we did not act properly (fix the bugs silently in a new release and inform Luigi about it). Publishing everything is then the generally accepted way to force developers to finally get their lazy ass moving. And it worked. I can't have any hard feelings against him, although publishing ready-to-use exploits right from the start would not have been required.
- Tank Program
- Forum & Project Admin, PhD
- Posts: 6711
- Joined: Thu Dec 18, 2003 7:03 pm
z-man wrote: The freezes caused by the fake player attack are the same that are caused by exuberant ping real clients, they happen between rounds. They can't be fixed that easily, but they are far less severe now in 0.2.7.1.
Just curious if this has gotten fully fixed in the newer releases? I know it's not a huge security problem, but I've noticed that some vendors track security problems and they don't go away until there is a resolution. For example, Debian has had Armagetron listed in their vulnerable packages page since February, and because Armagetron starts with the letter 'A' it is listed up at the top so you see it all the time, which kinda gives it a bad name.
The state of the temporary freezers is still the same as in 0.2.7.1; there's a configurable timeout value for them, so you can determine how long the server waits for the clients at max. Five seconds is the default, far less an annoyance than camping. So, attacking a server that way simply is not worthwhile. What would be needed to truly make one lagging client not hold up others is a completely reworked round management, something we'll have to do anyway sometime.
Isn't the version Debian includes 0.2.7.0 only anyway?