 |
Luigi Auriemmaaluigi.org (ARCHIVE-ONLY FORUM!) |
|
It is currently 19 Jul 2012 12:31
|
View unanswered posts | View active topics
|
Page 1 of 1
|
[ 2 posts ] |
|
| Author |
Message |
|
ilu
|
Post subject: Q: ts3 beta23 exploit, persistent problems?  Posted: 24 Aug 2010 20:11 |
|
Joined: 24 Aug 2010 19:57
Posts: 1
|
|
Hi aluigi & others,
I tested your exploit for ts3 some weeks ago on my friends server.
My friend now got several security problems with the server (after ts3 server update).
I want to ask you if it's possible to create unintended new flaws or leave flaws on a root server with this exploit?!
Is there any potential that this exploit affects anything other than teamspeak?
Thanks for any response :)
Greetings
ilu
|
|
| Top |
|
 |
|
|
|
|
|
|
|
|
aluigivacancy
|
Post subject: Re: Q: ts3 beta23 exploit, persistent problems? Posted: 08 Sep 2010 09:36 |
|
Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
|
|
the fact is that the bug I found allowed to fully compromise the ts3 server software (not the server machine because it wasn't a code execution bug) so an attacker can create hidden admin accounts that he can use anytime he wants and I can't exclude other possible problems (only hypothesis) that an admin can exploit to gain access to the whole server (for example if there is a buffer-overflow in a function that only the admin can use).
your friend should delete the whole ts3 database or doing a long verification of all the user permissions
|
|
| Top |
|
|
|
|
Page 1 of 1
|
[ 2 posts ] |
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
|
|
