Date: Wed, 7 Jul 2010 08:48:46 -0600
From: houkouonchi@...kouonchi.jp
To: bugtraq@...urityfocus.com
Subject: Re: Re: Two independent vulnerabilities (client and server side)
 in Quake3 engine and many derived games

Have you tried some of the patches listed on this page?

http://aluigi.altervista.org/patches.htm#quake3

Maybe specifically?

http://aluigi.altervista.org/patches/q3rconz.lpatch
Quake 3 engine RCON half-second limit disabler (Windows and Linux) 0.1.2b (q3rconz)
this patch disables the anti-bruteforcing check in the games that use the Quake 3 engine for avoiding the Denial of Service (admins can't use RCON) caused by the flooding of rcon packets (more info in the file)
anyway remember that disabling this limitation naturally has other negative side effects like faster rcon brute forcing, so remember to choose a strong rcon password

The other option is to ban players by iptables firewalling. I have a web-interface that does this as I was limited by the number of IPs that were able to be banned on a q3 engine based game (like 32).
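
The trade-off in the patch description above, modelled as an added example that is not part of the original post and is not code from the Quake 3 engine or from q3rconz: a single shared half-second timer lets one sender's flood drop an admin's RCON packet, while a per-source timer (a hypothetical alternative, not mentioned in the post) throttles only the flooding address. Function names, the table size and the addresses are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RCON_WINDOW_MS 500u  /* the "half-second limit" from the patch description */
#define SLOTS 64u            /* assumed table size for the per-source variant */

/* Model 1: one timestamp shared by all senders (the kind of check q3rconz disables). */
static uint32_t g_last;
static int g_seen;
int rcon_allow_global(uint32_t now_ms) {
    if (g_seen && now_ms - g_last < RCON_WINDOW_MS)
        return 0;            /* dropped before any password comparison */
    g_last = now_ms; g_seen = 1;
    return 1;
}

/* Model 2 (hypothetical alternative): one timestamp per source address. */
struct slot { uint32_t addr, last; int used; };
static struct slot table[SLOTS];
int rcon_allow_per_source(uint32_t addr, uint32_t now_ms) {
    struct slot *s = &table[(addr * 2654435761u) % SLOTS];
    if (s->used && s->addr == addr && now_ms - s->last < RCON_WINDOW_MS)
        return 0;
    /* A different address hashing to this slot overwrites it and is allowed. */
    s->addr = addr; s->last = now_ms; s->used = 1;
    return 1;
}

/* Constructed scenario: FLOOD sends every 100 ms for one second, ADMIN sends
   once at t = 250 ms. Returns 1 if ADMIN's packet is accepted. */
int simulate(int per_source, int *flood_accepted) {
    const uint32_t FLOOD = 0xC6336401u; /* 198.51.100.1, documentation range */
    const uint32_t ADMIN = 0xC0000205u; /* 192.0.2.5, documentation range */
    int admin_ok = 0;
    g_seen = 0; *flood_accepted = 0;
    memset(table, 0, sizeof table);
    for (uint32_t t = 0; t <= 1000; t += 50) {
        if (t % 100 == 0)
            *flood_accepted += per_source ? rcon_allow_per_source(FLOOD, t) : rcon_allow_global(t);
        if (t == 250)
            admin_ok = per_source ? rcon_allow_per_source(ADMIN, t) : rcon_allow_global(t);
    }
    return admin_ok;
}

int main(void) {
    for (int m = 0; m < 2; m++) {
        int n, ok = simulate(m, &n);
        printf("%s: admin accepted=%d, flood accepted=%d\n", m ? "per-source" : "global", ok, n);
    }
    return 0;
}
```

The flooding address gets the same number of accepted attempts in both models, so the guessing rate from that address is unchanged; only the admin's packet is treated differently.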
