lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060628205736.b012529d.aluigi@autistici.org>
Date: Wed Jun 28 19:53:52 2006
From: aluigi at autistici.org (Luigi Auriemma)
Subject: Re: Files and cvars overwriting in Quake 3 engine
 (1.32c / rev 803 / ...)


A small correction:

The cd-key stealing is not possible since the master server address is
built-in in the client code.
Sorry for this wrong info, I added it almost two weeks ago while taking
note of the possible ways for exploitating these bugs and forgot to
recheck this method.

I have updated the proof-of-concept simply adding the cl_allowdownload
cvar, so is no longer needed to enable "Automatic Downloading" on the
client since any client with this option disabled or enabled will start
to overwrite any file in the system decided by the server of the attacker
which has full control over the client's cvars (those write protected
too, just like fs_homepath).

As already said the PoC is very very basic, relaunch the server or
change map if you want to re-overwrite the same file on the same client
(useless info, I tell you only in case you are not able to re-overwrite
the same file during the same server session and don't know why).


BYEZ


--- 
Luigi Auriemma
http://aluigi.org
http://mirror.aluigi.org

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ