EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Place for people to discuss public servers, and also for admins to lay out the details of their servers
Forum rules
Post Reply
User avatar
purple_cow
Private First Class
Private First Class
Posts: 63
Joined: Sun Dec 15, 2002 9:24 pm

EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Post by purple_cow »

bzfs version 1.7g0 and below are vulnerable to a denial of service attack. An exploit for this has been written and released into the wild by a helpful fellow who goes by the name of "russian code molester."

Current CVS is not vulnerable to this bug, so please upgrade! This denail-of-service crashes bzfs, and may also be related to the rumors of a shell exploit. For help building CVS, please stop by the IRC channel.

[EDIT by fiberchunks] Hope this doesn't irritate captain_proton, but please, please please, upgrade your servers immediately. I have announcified this message[/quote]
Top
Spaceman Spiff
Registered User
Registered User
Posts: 0
Joined: Fri Oct 28, 2005 11:59 pm

Post by Spaceman Spiff »

*snicker* Sounds like a monkey escaped the zoo or something... "released into the wild"... hehehehehe. Okie.. sorry. On with the serious thread. ;)


P.S.- Is there something that you can do to the moron that put this out there?
Top
User avatar
Chestal
Dev Guru
Dev Guru
Posts: 171
Joined: Fri Dec 06, 2002 11:56 pm
Location: Siegen, Germany
Contact:
Contact Chestal

Post by Chestal »

Actually, current CVS is vulnerable, too, but only if the DoS is lucky. But this is only due to a bug in the DoS program, it can be easily modified to crash the CVS version, too. A fix will most probably be in CVS later today.
Top
kernel panic
Registered User
Registered User
Posts: 0
Joined: Fri Oct 28, 2005 11:59 pm

Re: EXTREMELY IMPORTANT!! -- SERVER OPERATORS PLEASE READ

Post by kernel panic »

captain_proton wrote:bzfs version 1.7g0 and below are vulnerable to a denial of service attack. An exploit for this has been written and released into the wild by a helpful fellow who goes by the name of "russian code molester."

Current CVS is not vulnerable to this bug, so please upgrade! This denail-of-service crashes bzfs, and may also be related to the rumors of a shell exploit. For help building CVS, please stop by the IRC channel.

[EDIT by fiberchunks] Hope this doesn't irritate captain_proton, but please, please please, upgrade your servers immediately. I have announcified this message
[/quote]

Ya know that most projects will package a new release over something like this.
Top
User avatar
purple_cow
Private First Class
Private First Class
Posts: 63
Joined: Sun Dec 15, 2002 9:24 pm

Post by purple_cow »

Yes, I know. Tim has been meaning to get around to cutting g2 but quite busy with the new job and all. This is just another reason to get it out.
Top
User avatar
Chestal
Dev Guru
Dev Guru
Posts: 171
Joined: Fri Dec 06, 2002 11:56 pm
Location: Siegen, Germany
Contact:
Contact Chestal

Post by Chestal »

Fix is in CVS now. bzfs might still be vulnerable to different kind of attacks, of course (but that is always true).
Top
Post Reply

Return to “Servers: General Discussion”