[fixed in hotfix] MTA 0.5 dedicated server exploit


NOTE: Server Patch 1 Hotfix includes this workaround by default. You can download Server Patch 1 Hotfix here. You do not need to update to Server Patch 1 Hotfix if you have already applied this workaround. A Linux repackage of Server Patch 1 with this workaround applied will be up soon.

Linux server operators: if you have installed the Server using the binary (mta05_server_linux.bin) and not previously applied this workaround, you must apply this hotfix or the workaround described below.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

The guys over at Bugtraq discovered a critical bug in the currently released MTA 0.5.x dedicated servers.

The bug involves an admin exploit that can be used by a malicious user to gain access to the "Set MOTD" administration command, which is used to modify the MOTD.txt (Message Of The Day) file.

The exploit can then be used to crash the dedicated server.

The affected platform is Microsoft Windows. The bug still exists on all other platforms, but is currently not exploitable.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

Quick fix

To fix this exploit, the "motd.txt" file, located in the server directory, will have to be set to read-only.

Deleting motd.txt will NOT fix the problem!

Please follow the steps for your server platform.

Quick fix :: Microsoft Windows

Change the "motd.txt" file attributes to Read-only.

1. Open up Windows Explorer and navigate to your server directory

2. Right click on motd.txt and select Properties

3. Under Attributes (below), make sure the Read-only box is ticked, like so:

[Screenshot: motdz.png]

Quick fix :: *nix platforms

Chmod your "motd.txt" file to 444, read-only mode.

1. cd /path/to/your/server/directory

2. chmod 444 motd.txt

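
A scripted version of the *nix quick fix above, as an added example that is not part of the original post or the MTA project's own code: it applies chmod 444 to motd.txt, then checks that no write bit remains, and stops when the file is missing, since deleting it is not a fix. The function names are chosen for this example.

```shell
#!/bin/sh
# Added example: apply and verify the read-only workaround on motd.txt.
# motd_mode, motd_is_readonly and harden_motd are names chosen for this example.

# Print the permission string of a file, e.g. -r--r--r--
motd_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# Return 0 only if the path is a regular file (not a symlink)
# and carries no write bit for owner, group or others.
motd_is_readonly() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    case "$(motd_mode "$1")" in
        *w*) return 1 ;;
        *)   return 0 ;;
    esac
}

# Apply chmod 444 to motd.txt in the given server directory and verify it.
# Return codes: 0 hardened, 2 file missing or a symlink, 3 mode not applied.
harden_motd() {
    dir=${1:-.}
    file="$dir/motd.txt"
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "no regular motd.txt in $dir; deleting it is not a fix, restore it first" >&2
        return 2
    fi
    chmod 444 "$file" || return 3
    motd_is_readonly "$file" || return 3
    echo "$file is now $(motd_mode "$file")"
    # Mode bits do not restrict root, so the check is only meaningful
    # when the server process runs as an unprivileged user.
    return 0
}

# Usage: harden_motd /path/to/your/server/directory
```

Re-running `motd_is_readonly` after a server update or restore confirms the workaround is still in place.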