[fixed in hotfix] MTA 0.5 dedicated server exploit


ijsf

NOTE: Server Patch 1 Hotfix includes this workaround by default. You can download Server Patch 1 Hotfix here. You do not need to update to Server Patch 1 Hotfix if you have already applied this workaround. A Linux repackage of Server Patch 1 with this workaround applied will be up soon.

Linux server operators: if you have installed the Server using the binary (mta05_server_linux.bin) and not previously applied this workaround, you must apply this hotfix or the workaround described below.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

The guys over at Bugtraq discovered a critical bug in the currently released MTA 0.5.x dedicated servers.

The bug involves an admin exploit that can be used by a malicious user to gain access to the "Set MOTD" administration command, which is used to modify the MOTD.txt (Message Of The Day) file.

The exploit can then be used to crash the dedicated server.

The affected platform is Microsoft Windows. The bug still exists on all other platforms, but is currently not exploitable.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

Quick fix

To fix this exploit, the "motd.txt" file, located in the server directory, will have to be set to read-only.

Deleting motd.txt will NOT fix the problem!

Please follow the steps for your server platform.

Quick fix :: Microsoft Windows

Change the "motd.txt" file attributes to Read-only.

1. Open up Windows Explorer and navigate to your server directory

2. Right click on motd.txt and select Properties

3. Under Attributes (below), make sure the Read-only box is ticked, like so:

motdz.png

Quick fix :: *nix platforms

Chmod your "motd.txt" file to 444, read-only mode.

1. cd /path/to/your/server/directory

2. chmod 444 motd.txt

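Added example (not part of the original post or the MTA team's own tooling): a POSIX shell audit of the workaround above for one or more server directories. It reports a missing motd.txt as a failure, since the post states that deleting the file does not fix the problem. The function names, the status words and the symlink check are this example's own assumptions.

```shell
#!/bin/sh
# Added example: audit the read-only motd.txt workaround.
# Status words (ok/writable/missing/not-a-file) are this example's convention.

# motd_status DIR -> prints ok | writable | missing | not-a-file
motd_status() {
    f="$1/motd.txt"
    # A symlink or directory named motd.txt is not the file the workaround means.
    if [ -L "$f" ] || { [ -e "$f" ] && [ ! -f "$f" ]; }; then
        echo "not-a-file"; return 0
    fi
    [ -e "$f" ] || { echo "missing"; return 0; }
    # Read the mode string (e.g. -r--r--r--) and look for any write bit.
    # Parsing the mode avoids "test -w", which is always true for root.
    perms=$(ls -ld -- "$f" | cut -c1-10)
    case "$perms" in
        ??w*|?????w*|????????w*) echo "writable" ;;
        *) echo "ok" ;;
    esac
}

# apply_motd_fix DIR -> runs chmod 444 when needed; returns 0 only if the
# final state is "ok". A missing file is reported, never silently accepted.
apply_motd_fix() {
    case "$(motd_status "$1")" in
        ok) return 0 ;;
        writable) chmod 444 "$1/motd.txt" && [ "$(motd_status "$1")" = ok ] ;;
        *) echo "$1: motd.txt is $(motd_status "$1"); chmod cannot fix this" >&2
           return 1 ;;
    esac
}

# Usage: sh audit_motd.sh /path/to/server1 /path/to/server2 ...
for d in "$@"; do
    printf '%s: %s\n' "$d" "$(motd_status "$d")"
done
```
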
In answer to your questions above: no, there is no exploit to the MTA server; no, there is no way of getting on without knowing the admin password; and no, the MTA Team does not have access to all MTA servers' admin.

Hmm? Isn't this what =SGB= was talking about about a year ago?

Told you so

thanks for making me an idiot <--------- how mature...

NO dude, that was Oli's backdoor hacks that were put in by Oli in his script, and it was way before 0.5 was released, so this is something else. That was Oli's doing; this is a failure on the MTA team's part. Lots of difference.

Please post your slanderous statements elsewhere. Thank you.

As for an error being in MTA. Welcome to beta software. May I suggest you read the documentation next time you install something that is in development. In the meantime perhaps it is safer if you stick to tried and tested software such as Barbie Fashion Designer to avoid having to come into contact with any form of bug and the evident suffering it causes you.
