Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 11:44

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 22 posts ] 
Author Message
 Post subject: q3dirtrav fix
PostPosted: 04 Oct 2007 09:59 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
Quake 3 engine universal directory traversal fix (Windows) 0.1

The experimental patch for almost any Windows executables of the games based on the Quake 3 engine (vulnerable to the directory traversal bug exploitable when sv_allowdownload 1 is enabled) is finally out:

http://aluigi.org/patches.htm#quake3

The file is a simple executable so there is no need to use lpatch, just click&select&patch.

Comments, ideas and feedback are welcome.


Top
 Profile  
 
 
 Post subject:
PostPosted: 26 Oct 2007 03:07 

Joined: 26 Oct 2007 02:46
Posts: 1
i cant get this to work on jedi academy i go threw and select jamp.exe and it comes up with

Quote:
Cmd_Argv: the needed binary pattern has not been found


Top
 Profile  
 
 Post subject:
PostPosted: 26 Oct 2007 09:58 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
You must patch the dedicated server as written in the first screen of the patcher (the last line)


Top
 Profile  
 
 Post subject:
PostPosted: 19 Nov 2007 20:16 

Joined: 19 Nov 2007 02:40
Posts: 8
Aloha Luigi,

i was wondering if you could help me patch my 1.04 JK2 LINUX server. the server has been exploited a few times. thank you for your help


Top
 Profile  
 
 Post subject:
PostPosted: 20 Nov 2007 15:14 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
At the moment there is no patch for Linux servers.
Is better if you disable sv_allowdownload


Top
 Profile  
 
 Post subject:
PostPosted: 20 Nov 2007 16:00 

Joined: 19 Nov 2007 02:40
Posts: 8
hmm i changed cvar to "0" before and the server was still exploited, maybe it was a different exploit


Top
 Profile  
 
 Post subject:
PostPosted: 20 Nov 2007 18:42 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
As far as I know the directory traversal caused by the internal downloading function of the server is the only known way to get files from a remote server.
So disabling sv_allowdownload removes the bug.
If your server.cfg file is still "stolen" it's another bug for sure although very strange


Top
 Profile  
 
 Post subject:
PostPosted: 20 Nov 2007 23:02 

Joined: 19 Nov 2007 02:40
Posts: 8
they also placed a .cfg file into my server directory, any ideas?

i was wondering maybe they exploited it thru another daemon like SSHD? but i dont think they got root


Top
 Profile  
 
 Post subject:
PostPosted: 21 Nov 2007 11:27 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
As far as I know is not possible the Quake 3 engine doesn't have a function which allow uploads (only clients can receive files) so I could exclude a new bug in the engine.
In this case the hypotesis of an attack to another service of your machine seems more probable.


Top
 Profile  
 
 Post subject:
PostPosted: 21 Nov 2007 18:09 

Joined: 16 Oct 2007 18:47
Posts: 23
maybe the downloaded your /etc/passwd file and logged in via ssh if it is enabled ( just an idea :=) )


Top
 Profile  
 
 Post subject:
PostPosted: 22 Nov 2007 02:10 

Joined: 19 Nov 2007 02:40
Posts: 8
well, it must not have been thru jk2 because that is run under a low access account which cant read the passwd/shadow files

i think they must have rooted something else


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 11:40 

Joined: 07 Nov 2007 18:03
Posts: 2
Hey aluigi do you have a patch for the linux version too?


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 14:37 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
no patch for Linux


Top
 Profile  
 
 Post subject:
PostPosted: 02 Jan 2008 17:32 

Joined: 07 Nov 2007 18:03
Posts: 2
:O but howto fix it in linux? there are the same problems.
We have tryed it but we stick into a problem.


Attachments:
File comment: fix.txt
fix.txt [1.94 KiB]
Downloaded 267 times
Top
 Profile  
 
 Post subject:
PostPosted: 05 May 2008 03:43 

Joined: 03 Jan 2008 19:50
Posts: 3
hi, i patched my quake3 game with the dirtravfix and now there always show up a message if i want to connect to a server 'cl_parservermessage: illegabile server message''

can anyone help me? or how can i unpatch the game? pls help! :(


Top
 Profile  
 
 Post subject:
PostPosted: 05 May 2008 11:23 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
You can unpatch the game simply renaming the backup file which was created (asked) when you used lpatch, otherwise just restore the original clean executable.
if you no longer have it apply the latest official patch of your game which will recreate it.

A fix for linux doesn't exists at the moment and I will never do it.
The fix for windows was only a thing I wanted to do for curiosity to see if there was an universal way to do it, the alternative fix is disabling sv_allowdownload.

Anyway on Linux hooking is a joke to realize so maybe possible to write a hooker for avoiding the reading/downloading of certain files depending by the functions on which you can apply the hook (I don't have interest in doing it so don't ask).


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 19:49 

Joined: 03 Jan 2008 19:50
Posts: 3
oh man... nothing against u and all... ur toolz are all great but this fix now fucked up my game... i did everything u told me to do - repatched my game... i repatched the mod i play (exsessiveplus) nothing works anymore.... always the same failure... would be cool if u write a FAT readme with 'BE CAREFULL U CAN FUCKUP UR GAME IF UR NOT A PRO IN THOSE THINGS'... i wouldnt even have touched it then.... now my game i seriously fucked up... i try things a whole week now... and it doesnt work anymore... i dont even know what the patch did then, i just read it and it sounded cool and i couldnt find any problems with it.... :/:/ really, for cry out loud... i now have to formate my pc till i can play the game again... really a shame :/


Top
 Profile  
 
 Post subject:
PostPosted: 08 May 2008 22:02 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
If you read and follow the instructions displayed by the patch (moreover reading on which platforms and versions I have tested the patch or the patch is targetted to work on) there are almost never problems and if there is an error it's enough to restore the original file you patched which can be just the original executable of the game or the one which the patcher asked to save.

All the stuff on my website is classified as experimental (perfect software doesn't exist) and the patches, moreover those which work on more than one game ("universal"), naturally are not excluded by this classification. that's why I update my patches and work-around when users report problems.

Then things like critical problems to the entire game (what?!!?) and arriving to solutions like formatting the pc (wow this is the first time I hear something similar for a game which doesn't work) are just ridiculous things.


Top
 Profile  
 
 Post subject:
PostPosted: 09 May 2008 10:55 

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
format pc ??? where did you got so stupid idea ?
ever heard about uninstalling - cleaning registry - reinstalling ?
just try to reinstall game first...if it doesnt work then uninstall - CLEAN registry - reboot - clean install game again. it will works for sure.


Top
 Profile  
 
 Post subject: Re: q3dirtrav fix
PostPosted: 01 Jan 2011 15:11 

Joined: 28 Jun 2010 15:35
Posts: 7
What realy does the patch ?
What does it locks ?
The "download" command ?
Downloading cfg files ?


Top
 Profile  
 
 Post subject: Re: q3dirtrav fix
PostPosted: 01 Jan 2011 21:57 

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
from the runtime screen:
Code:
In short what this patcher does is adding the following code in SV_BeginDownload_f:

  if(Q_stristr(Cmd_Argv(1), \"..\") || !Q_stristr(Cmd_Argv(1), \".pk3\")) {
    str[0] = 0;
  }
nothing more and nothing less than what's written there


Top
 Profile  
 
 Post subject: Re: q3dirtrav fix
PostPosted: 11 Jan 2011 22:04 

Joined: 28 Jun 2010 15:35
Posts: 7
Ok it verifies that it's a pk3 file that is downloaded... thx :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 22 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for: