Not to mention try understanding how miniscule a problem it really is and from what direction. I mean since you worded it that way I bet you're not aware that the exploit results in a remote shell from <b>clients</b> connecting to the game server and that it requires the attacker to know the rcon password of the server. If they know the rcon server they can do a lot more to the server. IE, this is not a problem that should be addressed to server operators like it is some big issue for them. For most it isn't. It should be addressed to the <b>players</b> as an attacker could set up a server and wait for an unsuspecting client to connect.
do you guys remember when a person spoofed the idSoftware ip's and changed all the quake server names and would restart the servers over and over? all it took was banning the specific block of ip's that idsoftware owned. such is the case with this... don't use a rcon password. problem solved. need rcon? search this forum for the plugin released to allow those with auth on ns to rcon without the password. case solved.
Moreover, AM has been patched to address the exploit. The only remaining expliots are for HLDS. Those would work regardless of AM/AMX. But thanks for the FUD.
Comments
all it took was banning the specific block of ip's that idsoftware owned.
such is the case with this... don't use a rcon password. problem solved.
need rcon? search this forum for the plugin released to allow those with auth on ns to rcon without the password.
case solved.
If you had "read" you wouldnt have posted <!--emo&:)--><img src='http://www.unknownworlds.com/forums/html/emoticons/smile.gif' border='0' valign='absmiddle' alt='smile.gif'><!--endemo-->
Kilmster: Just saw it that day on PHL, assumed it was new news.
<a href='http://amxmod.net' target='_blank'>http://amxmod.net</a>
ownz !
lemme think....
nada.
All that said, I've converted to AMX.