Security Vulnerabilities in <= 0.2.7.0

blane
Project Advisor
Posts: 78
Joined: Tue Jun 08, 2004 3:26 pm
Location: Timbuktu

Post by blane »

Oh doh.. I haven't seen the attachments from Luigi's advisory... please ignore my ignorance :)
/* I have the heart of a small child. It sits on my desk in a jar. */
iceman
Reverse Adjust Outside Corner Grinder
Posts: 2448
Joined: Fri Jan 09, 2004 9:54 am
Location: Yorkshire, England. Quote: Its the fumes, they make one want to play

Post by iceman »

Thanks z-man, this is what I was hinting at, didn't expect such a detailed answer.
He who laughs last, probably has a back-up
sorry about the large animated gif
Matrox
Core Dumper
Posts: 181
Joined: Fri Jun 11, 2004 3:51 pm
Location: Yorkshire, England.

Post by Matrox »

I don't know much about the security vulnerabilities and I'm not that interested in finding out. I'm sure that you guys do your best to fix them before they become too much of a problem.

However, I have come across a site where there are exploits posted, and not only that but (as far as I can tell) the .exe to do them. I've not gone through all the files on this website, but there are a few exploits, probably all of which are fixed. Just in case they aren't fixed, and just so you know that there may be an easy way (the provided .exe file) for people that don't know about them, to use them.

It would be pretty irresponsible to post the site here even if the chances are you have already fixed the exploits. PMs sent with the URL to z-man and Tank.
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Post by Z-Man »

Thanks, Matrox. Unless the content of the archives changed ( the description hasn't ), those are the exploits that were fixed. The fake player DOS has some impact still ( longer pauses between rounds ), but it's not blocking connections unless you start simultaneous attacks from several IPs.
Matrox
Core Dumper
Posts: 181
Joined: Fri Jun 11, 2004 3:51 pm
Location: Yorkshire, England.

Post by Matrox »

z-man wrote: Thanks, Matrox. Unless the content of the archives changed ( the description hasn't ), those are the exploits that were fixed.
You're welcome. It's pretty sad when someone provides the details of exploits and the "proof of concepts" for purposes other than "education", but not only that, and even worse, the .exe file to do it with. Little if any knowledge required.

The fixing of security exploits seems, on the whole (not specifically talking about Armagetron), a pretty thankless task. It seems with a lot of programmes, when exploits are found, the developers get it in the neck for allowing these exploits to be in their "code". When fixed, they seem to get little, if any, thanks. I guess people must think, if it was done properly in the first place then there wouldn't be any exploits to find. However, developers are only human and everybody makes mistakes, and a lot of the time, it seems, the discovered exploits are new ways that would have been an issue at the time of the programme's release.

Best of luck with all. :wink:
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Post by Z-Man »

Matrox wrote: It's pretty sad when someone provides the details of exploits and the "proof of concepts" for purposes other than "education", but not only that, and even worse, the .exe file to do it with. Little if any knowledge required.
Luigi contacted us ( me & Tank independently ) per mail months ago, and we did not act properly ( fix the bugs silently in a new release and inform Luigi about it ). Publishing everything is then the generally accepted way to force developers to finally get their lazy ass moving. And it worked. I can't have any hard feelings against him, although publishing ready-to-use exploits right from the start would not have been required.
Tank Program
Forum & Project Admin, PhD
Posts: 6711
Joined: Thu Dec 18, 2003 7:03 pm

Post by Tank Program »

z-man wrote: Luigi contacted us ( me & Tank independently ) per mail months ago
Well, I only got his email a while before I remembered to post about it in the devel only section...
hacim
Posts: 2
Joined: Thu Mar 17, 2005 5:36 am

Post by hacim »

z-man wrote: The freezes caused by the fake player attack are the same that are caused by exuberant ping real clients, they happen between rounds. They can't be fixed that easily, but they are far less severe now in 0.2.7.1.
Just curious if this has gotten fully fixed in the newer releases? I know it's not a huge security problem, but I've noticed that some vendors track security problems and they don't go away until there is a resolution. For example, Debian has had Armagetron listed in their vulnerable packages page since February, and because Armagetron starts with the letter 'A' it is listed up at the top so you see it all the time, which kinda gives it a bad name :|
Z-Man
God & Project Admin
Posts: 11585
Joined: Sun Jan 23, 2005 6:01 pm
Location: Cologne

Post by Z-Man »

The state of the temporary freezers is still the same as in 0.2.7.1; there's a configurable timeout value for them, so you can determine how long the server waits for the clients at max. Five seconds is the default, far less an annoyance than camping. So, attacking a server that way simply is not worthwhile. What would be needed to truly make one lagging client not hold up others is a completely reworked round management, something we'll have to do anyway sometime.
Isn't the version Debian includes 0.2.7.0 only anyway?