[TS2] Windows/Linux Server Binary 2.0.23.22

R. Ludwig · #1 11-08-2007, 21:56

ftp://ftp.freenet.de/pub/4players/te.../server/202322

- fixed a security issue which could enable a serveradmin to read files from your harddisk via
the servers built-in web administration interface

Claw · #2 11-08-2007, 23:31

Quote:

Originally Posted by R. Ludwig

ftp://ftp.freenet.de/pub/4players/te.../server/202322

- fixed a security issue which could enable a serveradmin to read files from your harddisk via
the servers built-in web administration interface

Yay, nice one... I've found that bug today, it's nice that you fix it such as fast, respect :-)!

ScP · #3 11-08-2007, 23:44

Thanks for reporting this issue.

An email has been sent to all subscribers of our official newsletter.

Claw · #4 12-08-2007, 00:11

Quote:

Originally Posted by ScP

Thanks for reporting this issue.

An email has been sent to all subscribers of our official newsletter.

No problem!

It would be nice if you could delete all these old threads which contain links to the hotfixes!

ced1202 · #5 12-08-2007, 00:25

Hello,
Why every updates ?
Can i get the security update reason and the security risks?
Tanks Ced1202
----------------------------------------
http://www.servperso.com

Claw · #6 12-08-2007, 01:03

Hi cd1202

See the first post:
- fixed a security issue which could enable a serveradmin to read files from your harddisk via
the servers built-in web administration interface

Security risk can be the following:
- Read /etc/passwd and /etc/shadow
- Read configuration files (f.e. Confixx and Plesk Configuration Files (I've already tried that and gained full access (root) to an server!))
- Read the server.log (To gain IP Adresse AND also to get SSA/SA access data (f.e. if you just setup your server, and you didnt change the pre defined ssa/sa password))

Update ASAP!

BHKai · #7 13-08-2007, 03:40

Does this require one to update the folders also, not just the server executable?

maxi1990 · #8 13-08-2007, 18:24

In dem Forum aus dem du das hast steht, dass er angeblich noch geht...

Claw · #9 13-08-2007, 20:02

XSS-Bugs "sollten" alle gefixt sein!

ozman · #10 22-08-2007, 23:03

I am having the weardest thing happpen to all clients on TS
when two people speak at the same time I would expect feedback insted we all get a horible static noise

TS VER 2.0.23.22
codec speex 12.3
Ubuntu 6.06
mysql 5.22 dist. MD5 hashed DB

any suggestions

maxi1990 · #11 22-08-2007, 23:49

I think this is a Client/Sound issue, not a Bug.

BHKai · #12 23-08-2007, 00:34

Does your server have good enough specs to run TS?

ozman · #13 23-08-2007, 06:25

AMD 64 3800
800 fsb
2gb ram
video not used
sound not used

TS VER 2.0.23.22
codec speex 12.3
Ubuntu 6.06
mysql 5.22 dist. MD5 hashed DB

Most Clients Have Updated There Client Version to 2.0.33.7 At My Request

If This Post Needs To Be Moved Please Do So!!