RE: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested.
Anything new about the exploit fix? And can someone provide me a working link of boffix, cause that host seems to be down -- http://3dwire.net/~scott/boffix_dlfile_fix_v21.zip Ty Rouven -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Holcroft Sent: Thursday, December 11, 2003 4:54 AM To: [EMAIL PROTECTED] Subject: RE: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested. Its because clients need to download the VAC dll, and dlls are blocked. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Loyd Sent: 11 December 2003 03:15 To: [EMAIL PROTECTED] Subject: Re: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested. Eeek, not sure on that one, perhaps someone else with more experience using boffix can post, I have only tested on a NS server(where there is no vac currently), so that might be an issue :(. --- Muldy [EMAIL PROTECTED] wrote: Every time i load boffix the server starts in insecure mod(no VAC) Is there a way of still keeping VAC on ? Scott Loyd wrote: umm, Well I thaught I originally said it but for future versions I guess I will put a readme in there :) put this into your hlds_l dir(where engine_i386.so is); and in your hlds_run start script put @ line 2 export LD_PRELOAD=./boffix_i386.so as for future versions, I was thinking making it do dlfile looser.cfg;+exploit or for the spelling guy: dlfile loser.cfg;+exploit :) Then I guess you can just do a AMX/AM Script or MM pluggy that(+exploit) catches that and deals with him. --- m0gely [EMAIL PROTECTED] wrote: FatDaddy wrote: Are you trying to run this as a metamod plugin? It is in concert with hlds_run. If you follow the readme it calls for the boffix binary to be loaded on hlds_run. A readme in these files?: http://3dwire.net/~scott/boffix_dlfile_fix_v21.zip http://3dwire.net/~scott/boffix-dlfile_fix.zip What readme? Yes I was trying to run it in metamod. There are two files in either zip: -- boffix.c boffix_i386.so And the comments in the .c file don't tell how to run it as far as I can tell. /* * hlds 3.1.1.0 patch against * * buffer-overflow vulnerability in info-string handling * and * wrong handling of malformed connection request to non-won servers * * by Virtual Master * gcc -Wall -fpic boffix.c -shared -Wl,-soname,boffix.so -lc -o boffix_i386.so */ -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested.
Every time i load boffix the server starts in insecure mod(no VAC) Is there a way of still keeping VAC on ? Scott Loyd wrote: umm, Well I thaught I originally said it but for future versions I guess I will put a readme in there :) put this into your hlds_l dir(where engine_i386.so is); and in your hlds_run start script put @ line 2 export LD_PRELOAD=./boffix_i386.so as for future versions, I was thinking making it do dlfile looser.cfg;+exploit or for the spelling guy: dlfile loser.cfg;+exploit :) Then I guess you can just do a AMX/AM Script or MM pluggy that(+exploit) catches that and deals with him. --- m0gely [EMAIL PROTECTED] wrote: FatDaddy wrote: Are you trying to run this as a metamod plugin? It is in concert with hlds_run. If you follow the readme it calls for the boffix binary to be loaded on hlds_run. A readme in these files?: http://3dwire.net/~scott/boffix_dlfile_fix_v21.zip http://3dwire.net/~scott/boffix-dlfile_fix.zip What readme? Yes I was trying to run it in metamod. There are two files in either zip: -- boffix.c boffix_i386.so And the comments in the .c file don't tell how to run it as far as I can tell. /* * hlds 3.1.1.0 patch against * * buffer-overflow vulnerability in info-string handling * and * wrong handling of malformed connection request to non-won servers * * by Virtual Master * gcc -Wall -fpic boffix.c -shared -Wl,-soname,boffix.so -lc -o boffix_i386.so */ -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested.
On Tue, 2003-12-09 at 07:27, Arie M wrote: Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer L 12/09/2003 - 13:24:08: Need Klan Super Ki||er54372306 connected, address - Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer L 12/09/2003 - 13:24:20: gvd63182650 connected, address -:27005 Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer And no they didn't all try to exploit my server. Well you have to figure there is/are legit files their clients might be trying to download. I think the patch should be reworked to show the name of the file they are trying to get so we can diagnose these problems and figure out what is legit. -sb ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] Re: dlfile exploit fix for 3110(maybe 3111 but not tested.
Stan Bubrouski wrote: On Tue, 2003-12-09 at 07:27, Arie M wrote: Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer L 12/09/2003 - 13:24:08: Need Klan Super Ki||er54372306 connected, address - Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer L 12/09/2003 - 13:24:20: gvd63182650 connected, address -:27005 Someone attempted to use the dlfile EXPLOIT!! Warning: Unable to open looser.cfg for transfer And no they didn't all try to exploit my server. Well you have to figure there is/are legit files their clients might be trying to download. I think the patch should be reworked to show the name of the file they are trying to get so we can diagnose these problems and figure out what is legit. Yes and log it so we can ban them. :) [BOFFIX-DL] Playername112345 Attempted to dlfile server.cfg [BOFFIX-DL] Playername112345 Attempted to dlfile addons/amx/users.ini -- - m0gely http://quake2.telestream.com/ Q2 | Q3A | Counter-strike ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux