Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
It is currently 19 Jul 2012 12:31

All times are UTC [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 
Author Message
 Post subject: Q: ts3 beta23 exploit, persistent problems?
PostPosted: 24 Aug 2010 20:11 

Joined: 24 Aug 2010 19:57
Posts: 1
Hi aluigi & others,
I tested your exploit for ts3 some weeks ago on my friends server.
My friend now got several security problems with the server (after ts3 server update).
I want to ask you if it's possible to create unintended new flaws or leave flaws on a root server with this exploit?!
Is there any potential that this exploit affects anything other than teamspeak?

Thanks for any response :)

Greetings
ilu


Top
 Profile  
 
 
 Post subject: Re: Q: ts3 beta23 exploit, persistent problems?
PostPosted: 08 Sep 2010 09:36 

Joined: 24 Jun 2010 10:04
Posts: 70
Location: aluigi not @ home
the fact is that the bug I found allowed to fully compromise the ts3 server software (not the server machine because it wasn't a code execution bug) so an attacker can create hidden admin accounts that he can use anytime he wants and I can't exclude other possible problems (only hypothesis) that an admin can exploit to gain access to the whole server (for example if there is a buffer-overflow in a function that only the admin can use).

your friend should delete the whole ts3 database or doing a long verification of all the user permissions


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 2 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
cron