ijsf

MTA 0.5 dedicated server flaw (27/09/2005 @ 05:22 CET)


NOTE: Server Patch 1 Hotfix includes this workaround by default. You can download Server Patch 1 Hotfix here. You do not need to update to Server Patch 1 Hotfix if you have already applied this workaround.

Linux server operators: if you have installed the Server using the binary (mta05_server_linux.bin) and not previously applied this workaround, you must apply this hotfix or the workaround described below.

The workaround below is for informational purposes only; you do not need to apply it as long as you have Server Patch 1 Hotfix.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

The guys over at bugtraq discovered a critical bug in the currently released MTA 0.5.x dedicated servers.

The bug involves an admin exploit that can be used by a malicious user to gain access to the "Set MOTD" administration command, which is used to modify the MOTD.txt (Message Of The Day) file.

The exploit can then be used to crash the dedicated server.

The affected platform is Microsoft Windows. The bug still exists on all other platforms, but is currently not exploitable.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

Quick fix

To fix this exploit, the "motd.txt" file, located in the server directory, will have to be set to read-only.

Deleting motd.txt will NOT fix the problem!

Please follow the steps for your server platform.

Quick fix :: Microsoft Windows

Change the "motd.txt" file attributes to Read-only.

1. Open up Windows Explorer and navigate to your server directory

2. Right click on motd.txt and select Properties

3. Under Attributes (below), make sure the Read-only box is ticked, like so:

motdz.png

Quick fix :: *nix platforms

Chmod your "motd.txt" file to 444, read-only mode.

1. cd /path/to/your/server/directory

2. chmod 444 motd.txt

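The *nix quick fix from the post above, as an added example that is not part of the original post or MTA project code: a script that audits motd.txt in a server directory, applies chmod 444 when write bits are set, and reports a missing file as unfixed, since the post states that deleting motd.txt does not fix the problem. The script name motd_fix.sh, the function names and the status codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not MTA project code): audit the motd.txt workaround.
# check_motd status codes are constructed for this example:
#   0 = regular file, no write bits set (workaround in place)
#   1 = motd.txt missing (the post states that deleting it is NOT a fix)
#   2 = not a regular file (symlink, directory, ...)
#   3 = at least one write bit is still set

check_motd() {
    f="$1/motd.txt"
    if [ -L "$f" ]; then return 2; fi    # also catches dangling symlinks
    if [ ! -e "$f" ]; then return 1; fi
    if [ ! -f "$f" ]; then return 2; fi
    # Inspect the mode bits instead of using [ -w ], which is always
    # true for root and would misreport a correctly locked file.
    mode=$(ls -ld "$f" | cut -c2-10)
    case "$mode" in
        *w*) return 3 ;;
    esac
    return 0
}

# Apply "chmod 444 motd.txt" only when write bits are set, then re-check.
apply_motd_fix() {
    motd_rc=0
    check_motd "$1" || motd_rc=$?
    if [ "$motd_rc" -eq 3 ]; then
        chmod 444 "$1/motd.txt" || return 3
        motd_rc=0
        check_motd "$1" || motd_rc=$?
    fi
    return "$motd_rc"
}

# Usage (hypothetical script name): sh motd_fix.sh /path/to/your/server/directory
if [ "$#" -ge 1 ]; then
    status=0
    apply_motd_fix "$1" || status=$?
    case "$status" in
        0) echo "OK: $1/motd.txt is read-only" ;;
        1) echo "NOT FIXED: $1/motd.txt is missing" ;;
        2) echo "NOT FIXED: $1/motd.txt is not a regular file" ;;
        *) echo "NOT FIXED: write bits still set on $1/motd.txt" ;;
    esac
fi
```

A process running as root ignores mode 444, so the read-only bit only protects the file when the server runs as an unprivileged user.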

after 7 months some pros actually took time to try MTA 0.5 :shock: that's really a surprise :lol: especially since these guys are the real deal, and not many ppl still play mta 0.5 nowadays (and i didn't expect them to know MTA).

and very useful for those who still host a server :P

(...) and not many ppl still play mta 0.5 nowadays

At the time of this post, there were 120 ppl playing mta0.5 (stats via ASE). It's indeed less than it was before, in 0.3 times, but still more ppl play this than, for example, Doom3 multiplayer :P

But back on the topic, it's good that the flaw was discovered, and there's already a solution for it :)

GJ to the one who discovered this bug, and to the MTA Team, for creating a solution for it :wink:

At the time of this post, there were 120 ppl playing mta0.5 (stats via ASE)
that might be true, i just visited the game-monitor site(seems to be like 100 players playing or so, but not all of them are playing, some are just connected and are idling :P)

but what i really meant was, if you take a look at here:

http://securityfocus.com/

you'll see exploit reports from programs (like firefox); although mta has (or had) a lot of players, it's not as high as the users of these popular programs :P

that's why i was kinda surprised that bugtraq actually tried mta 0.5.

Maybe they got bored and wanted to try something else for a change 8)

I think blokker's right in this concern ;) there's been the release of Day of Defeat Source which has seen fellow MTA players playing it :) there is different gameplay offered by different things. e.g. Guildwars has caught my eye lately
