ijsf

[fixed in hotfix] MTA 0.5 dedicated server exploit

Recommended Posts

NOTE: Server Patch 1 Hotfix includes this workaround by default. You can download Server Patch 1 Hotfix here. You do not need to update to Server Patch 1 Hotfix if you have already applied this workaround. A Linux repackage of Server Patch 1 with this workaround applied will be up soon.

Linux server operators: if you have installed the Server using the binary (mta05_server_linux.bin) and not previously applied this workaround, you must apply this hotfix or the workaround described below.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

The guys over at bugtraq discovered a critical bug in the currently released MTA 0.5.x dedicated servers.

The bug involves an admin exploit that can be used by a malicious user to gain access to the "Set MOTD" administration command, that is used to modify the MOTD.txt (Message Of The Day) file.

The exploit can then be used to crash the dedicated server.

The affected platform is Microsoft Windows. The bug still exists on all other platforms, but is currently not exploitable.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

Quick fix

To fix this exploit, the "motd.txt" file, located in the server directory, will have to be set to read-only.

Deleting motd.txt will NOT fix the problem!

Please follow the steps for your server platform.

Quick fix :: Microsoft Windows

Change the "motd.txt" file attributes to Read-only.

1. Open up Windows Explorer and navigate to your server directory

2. Right click on motd.txt and select Properties

3. Under Attributes (below), make sure the Read-only box is ticked, like so:

motdz.png

Quick fix :: *nix platforms

Chmod your "motd.txt" file to 444, read-only mode.

1. cd /path/to/your/server/directory

2. chmod 444 motd.txt

Edited by Guest

Share this post


Link to post

lol

thank god someone finally discovered what was doing it.

/me sets read only

Share this post


Link to post
Someone should reconsider doing a quick fix of MTA 0.5.x after releasing the first version of MTASA :roll:

*Coughs* I do agree also. :P

Share this post


Link to post

Yep agreed. Many people will still play MTA 0.5 after MTASA 0.1 will be released, cause of the gun sync. Untill MTASA with synced DM comes out ofcourse :P

Share this post


Link to post

Also, some people prefer Vice City because SA is very laggy even with low detail on a lot of machines.

I agree with the quick-fix thing, just a small updater that fixes the most annoying bugs that you have resolved in the time since it was released.

Share this post


Link to post

Yea..I almost feel like we MTA 0.5 Players have been left alone

No updates.. nothing.

When is a decent patch coming to fix the bugs.

Share this post


Link to post

They arent going to work on the old core since Blue is more of a priority. In the future (near?) they might go back and work on Blue for VC.

Share this post


Link to post

Working on VC would be cool.. This is the only game which didnt get that bored after 2 year playing sp, mp.. Atleast, in my eyes..

Share this post


Link to post
In answer to ure questions above: no there is no exploit to the MTA server, no there is no way of getting on without knowing the admin password and no the MTA Team does not have access to all mta servers admin.

hmm? isnt this what =SGB= was talking about about a year ago?

Told you so

thanks for making me an idiot <--------- how mature...

Share this post


Link to post
In answer to ure questions above: no there is no exploit to the MTA server, no there is no way of getting on without knowing the admin password and no the MTA Team does not have access to all mta servers admin.

hmm? isnt this what =SGB= was talking about about a year ago?

Told you so

thanks for making me an idiot <--------- how mature...

NO dude that was Olis backdoor hacks that was put in by oli in his script and it was way before 0.5 was released so this is something else , that was olis doing this is a failure on MTA teams part , lots of difference.

Share this post


Link to post

Please post your slanderous statements elsewhere. Thankyou.

As for an error being in MTA. Welcome to beta software. May I suggest you read the documentation next time you install something that is in development. In the meantime perhaps it is safer if you stick to tried and tested software such as Barbie Fashion Designer to avoid having to come into contact with any form of bug and the evident suffering it causes you.

Share this post


Link to post
They arent going to work on the old core since Blue is more of a priority. In the future (near?) they might go back and work on Blue for VC.

They should just release what they have already changed. It won't matter to players if it's buggy, it just gives them something to play.

Share this post


Link to post

There is no update for VC. The 0.5.5 for VC is pretty bugged that we would have to start again from 0.4 . Also one of the reasons why we started developing on the Blue platform sooner then we planned in the first place.

Share this post


Link to post

that would be realy nice i stop playing mta:vc because 0.5 was damn bugged, but if mta:bleu would be a nice mp i think a lot of people are going to play vc again.

Edited by Guest

Share this post


Link to post
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.