User panel stuff on forum
  13 posts on 1 page  1
Server Talk
2014-05-28, 22:28
Administrator
2059 posts

Registered:
Jan 2006
As mentioned in the comments to this blog there is some kind of vulnerability in the commonly used KTX version. I (or Mushi rather ) thought this is news worthy but then where can the server gurus find the correct KTX version to use? And i assume nQuake also should be updated?
www.facebook.com/QuakeWorld
2014-05-30, 10:16
Administrator
1265 posts

Registered:
Jan 2006
yeah, to fix this server admins need to update to the newer ktx. They should clone this git repository: https://github.com/jite/ktx/
compile it, and restart the servers
never argue with an idiot. they'll bring you back to their level and then beat you with experience.
2014-05-30, 12:36
Administrator
114 posts

Registered:
Sep 2013
Any details about vuln? PoC maybe?

From upadted sources @ github - it seems to be possible to pass VIP flags with precompiled quake client that will be recognized by server. Am I right?
play.quake1.pl
2014-05-30, 14:08
Member
375 posts

Registered:
Sep 2009
d2 wrote:
it seems to be possible to pass VIP flags with precompiled quake client that will be recognized by server. Am I right?

Don't know much of the programming... but that's probably right!
I've done here (to test/proof), compiling ezQuake with a little, very little, change!
then, inside the compiled ezQuake, all you have to do is set a variable, then connect to a server: BOOM, all your commands are local commands, like if you were at the server shell...

(It's also a very danger security issue to the server machine, becouse depending on the server configs, you have access to the ENTIRE MACHINE FOLDER/FILES)
Like:
on Windows: Format c:\
on Linux: rm -Rf /
hehehehehe (ok, it's not that simple, but it's TRUE)
(QW Nickname: AL.Kernell)
2014-05-30, 14:43
Administrator
1025 posts

Registered:
Apr 2006
wernerml wrote:
d2 wrote:
it seems to be possible to pass VIP flags with precompiled quake client that will be recognized by server. Am I right?

Don't know much of the programming... but that's probably right!
I've done here (to test/proof), compiling ezQuake with a little, very little, change!
then, inside the compiled ezQuake, all you have to do is set a variable, then connect to a server: BOOM, all your commands are local commands, like if you were at the server shell...

(It's also a very danger security issue to the server machine, becouse depending on the server configs, you have access to the ENTIRE MACHINE FOLDER/FILES)
Like:
on Windows: Format c:\
on Linux: rm -Rf /
hehehehehe (ok, it's not that simple, but it's TRUE)

First part is correct, second part not necessarily. When you have the server console you can do stuff to allow yourself to upload files, from there one can insert scripts and make them execute on the remote machine. However they will only run as the same user as the qw server runs as. However if this is your normal account/super user account, I'd be a bit scared and fix this ASAP.

Security by obscurity, doesn't work.
2014-05-30, 15:30
Member
55 posts

Registered:
Oct 2011
I added the fix at the very moment to all of my servers.

That's rather scary, but now, "we"'re safe...
BaseQ.fr Administrator o/
2014-06-02, 13:57
Administrator
114 posts

Registered:
Sep 2013
For those of you wondering how to 'patch' it here is simple howto:

1. git clone https://github.com/jite/ktx
2. cd ktx
3. optional step: change version in ktx/include/g_local.h under MOD_VERSION (line 41) to something meaningful like 1.37-dev_patch1
4. ./configure
5. make dl
6. ls -altr (look for qwprogs.so)

copy new qwprogs.so to your ktx/ directory and restart server. If it fails to load progs.dat you also have to recompile mvdsv:
1. git clone https://github.com/jite/mvdsv
2. cd mvdsv/build/make/
3. ./configure
4. make
5. chmod 755 mvdsv

and then copy mvdsv to your ${quake_home}
play.quake1.pl
2014-06-03, 10:00
Administrator
1265 posts

Registered:
Jan 2006
Thanks d2 for the help

i've upgraded the wiki page "How to server"

http://wiki.quakeworld.nu/How_to_server
never argue with an idiot. they'll bring you back to their level and then beat you with experience.
2014-06-04, 21:24
News Writer
912 posts

Registered:
Jan 2006
I just did this on nl.besmella.com servers... looks to have worked... should the size be so much bigger than the previous one? more than double the size?
-rwxr-xr-x 1 root root 2841977 Jun 4 23:22 qwprogs.so*
-rw-r--r-- 1 root root 1062336 Oct 10 2013 qwprogs.so.old
2014-06-05, 06:58
Member
344 posts

Registered:
Nov 2006
It probably has debugging symbols included still. Try "strip qwprogs.so".
2014-06-05, 10:32
News Writer
912 posts

Registered:
Jan 2006
Tuna wrote:
It probably has debugging symbols included still. Try "strip qwprogs.so".
Is there any affect on the performance or memory usage if i don't do this?
2014-06-05, 13:04
News Writer
912 posts

Registered:
Jan 2006
Perfect, thanks!
  13 posts on 1 page  1