Admin Mod Hack!

RueRue Join Date: 2002-10-21 Member: 1564Members
in General Server Discussion
<div class="IPBDescription">Server admins read</div> <a href='http://online.securityfocus.com/archive/1/306120/2003-01-07/2003-01-13/0' target='_blank'>http://online.securityfocus.com/archive/1/...07/2003-01-13/0</a>

its only realy been seen on CS servers but it can happen to any server runing admin mod, not alot use it but its worth knowing
Off Topic Disagree Agree Awesome

Comments

  • j0ej0e Join Date: 2002-11-01 Member: 2840Banned
    if you disable rcon you are completely safe until mp.dll, metamod.dll, adminmod_mm.dll and any other plugin that can execute code on clients have been patched

    to disable rcon put this in server.cfg

    rcon_password ""
    Off Topic Disagree Agree Awesome
  • greydmiyugreydmiyu Join Date: 2002-11-18 Member: 9234Members
    Uhm, yeah. This is news? I hate to break it to these people but if the attacker knows rcon there's not much they cannot do. As I read it the attacker needs to know rcon first. IE this isn't a method to obtain rcon. Soooo, this is not a server operator issue. This is a client issue as the exploit is to get shells from the clients attached to the server, not from the server.

    Risk for most people: low. Why? Who's got rcon these days outside of the admin of the box? His comments about getting rcon because it is transmitted in clear-text is a little, uhm, simplistic. Sure you could sniff it, if you somehow got a machine between the person issuing rcon and the server box. That isn't "trivial". In fact if someone could do that I doubt they'd mess with half-life clients.
    Off Topic Disagree Agree Awesome
  • j0ej0e Join Date: 2002-11-01 Member: 2840Banned
    edited January 2003
    grey i agree the risk is low, and to target a specific box would be very difficult

    the problem is there are 100,000 script kiddies who like to mess with people and when they find out about this, they will start packet sniffing their local DSL or cable model networks for "rcon_password". then as soon as they get the hack working on the server they can do anything they want to anyone who connects to that server. so you can say the risk is low, but until everyone upgrades their servers, there will be a risk of getting hacked when you connect to an unknown/untrusted server.

    by the way - the real problem is in the client. valve will have to release a client patch to permanently fix this
    Off Topic Disagree Agree Awesome
  • BioHazardBioHazard Join Date: 2002-11-07 Member: 7495Members
    edited January 2003
    already reported to this forum just a few posts back....


    <a href='http://www.unknownworlds.com/forums/index.php?act=ST&f=8&t=19422' target='_blank'>http://www.unknownworlds.com/forums/in...=ST&f=8&t=19422</a>

    and here is a temporary fix.

    <a href='http://www.unknownworlds.com/forums/index.php?act=ST&f=8&t=19388' target='_blank'>http://www.unknownworlds.com/forums/in...=ST&f=8&t=19388</a>
    Off Topic Disagree Agree Awesome
Sign In or Register to comment.