EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Place for people to discuss public servers, and also for admins to lay out the details of their servers
purple_cow
Private First Class
Posts: 63
Joined: Sun Dec 15, 2002 9:24 pm

EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Post by purple_cow » Wed May 21, 2003 5:35 am

bzfs version 1.7g0 and below are vulnerable to a denial of service attack. An exploit for this has been written and released into the wild by a helpful fellow who goes by the name of "russian code molester."

Current CVS is not vulnerable to this bug, so please upgrade! This denial-of-service crashes bzfs, and may also be related to the rumors of a shell exploit. For help building CVS, please stop by the IRC channel.

[EDIT by fiberchunks] Hope this doesn't irritate captain_proton, but please, please, please, upgrade your servers immediately. I have announcified this message

Spaceman Spiff
Registered User
Posts: 0
Joined: Fri Oct 28, 2005 11:59 pm

Post by Spaceman Spiff » Wed May 21, 2003 12:36 pm

*snicker* Sounds like a monkey escaped the zoo or something... "released into the wild"... hehehehehe. Okie.. sorry. On with the serious thread. ;)


P.S.- Is there something that you can do to the moron that put this out there?

Chestal
Dev Guru
Posts: 171
Joined: Fri Dec 06, 2002 11:56 pm
Location: Siegen, Germany

Post by Chestal » Wed May 21, 2003 12:39 pm

Actually, current CVS is vulnerable, too, but only if the DoS is lucky. But this is only due to a bug in the DoS program; it can be easily modified to crash the CVS version, too. A fix will most probably be in CVS later today.

kernel panic
Registered User
Posts: 0
Joined: Fri Oct 28, 2005 11:59 pm

Re: EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Post by kernel panic » Wed May 21, 2003 12:40 pm

captain_proton wrote:bzfs version 1.7g0 and below are vulnerable to a denial of service attack. An exploit for this has been written and released into the wild by a helpful fellow who goes by the name of "russian code molester."

Current CVS is not vulnerable to this bug, so please upgrade! This denial-of-service crashes bzfs, and may also be related to the rumors of a shell exploit. For help building CVS, please stop by the IRC channel.

[EDIT by fiberchunks] Hope this doesn't irritate captain_proton, but please, please, please, upgrade your servers immediately. I have announcified this message

Ya know that most projects will package a new release over something like this.

purple_cow
Private First Class
Posts: 63
Joined: Sun Dec 15, 2002 9:24 pm

Post by purple_cow » Wed May 21, 2003 1:38 pm

Yes, I know. Tim has been meaning to get around to cutting g2 but quite busy with the new job and all. This is just another reason to get it out.

Chestal
Dev Guru
Posts: 171
Joined: Fri Dec 06, 2002 11:56 pm
Location: Siegen, Germany

Post by Chestal » Wed May 21, 2003 1:45 pm

Fix is in CVS now. bzfs might still be vulnerable to different kinds of attacks, of course (but that is always true).
