Update your servers!
written by deej on 01.08.06 23:04
I am writing this as news to grab a lot of attention since this one is a tricky one for all server admins.
ReyalP writes in the ETPro forums:
We have had several reports that people are actively exploiting the download vulnerability that exists in et prior to 2.60b and ETTV prior to beta-10. This exploit allows them to download your server.cfg files (and thus obtain your passwords) and depending on your server configuration, may allow them to download other sensitive files outside of the et directory.
Anyone running a server with downloads enabled should update to 2.60b or the latest ettv.
You DO NOT have to update to the new etpro, or require the clients to update. Just update the server.
The bug: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-2082
ET 2.60b binaries (all platforms): ftp://ftp.idsoftware.com/idstuff/et/ET-2.60b.zip
So all server admins reading this, please update your server binary to either ET 2.60b or ETTV b11. This does not have any effect on the client side, it's only for the server!
For those of you wondering whether ETTV b11 will generate lag, you can set ettv_netblast to 2 which makes it behave like ETTV b4.
Comments
flms
Tuesday, 1st August 2006 23:56
So this means broadcasters would better update to 2.60b???
you can do that if you want to, but facing the fact that you're running ettv.x86 instead of etded.x86 for an ettv server this won't help you much - you'll have to take ettvb11 instead.
nice @ ping 0 or 1 @ b11 matchserv
Yeah ping calculation is still bugged. Workaround is to disable all downloads on your matchserver.
heh ye but that sux too when praccing sp_delivery2 for summercup :x
btw do u use things like ettv_mtu and stuff, and using netblast 2 now ?
what's your irc nick btw?
ettv_mtu only affects the master sending to the slave, so clients are not affected.
I ran some tests with netblast 1 which seems less laggy than before but still loses packets. netblast 2 I haven't tested yet.
My nick is r0f`deej but since my BNC disconnects too much I'm usually only on non-registered channels :<.
what settings did you test? (mtu)
8000 and 16000 as bani said on forums, but I'm using b12 now with 32000 like you said
zinx said, just use $bignumber
b12? pre-release version?