  1. #16
    Join Date
    October 2015
    Posts
    2

    Worried....

    Quote Originally Posted by ScP View Post
    I wouldn't assume the worst case scenario just now... If you can provide details about the suspicious file we might be able to help. Can you upload that file somewhere (e.g. Dropbox) and send me a PM with the link?
    I was hit yesterday too. Yes I have the files and it was odd, I started a ticket with shrapnel network but they said it was probably nothing. Seems it IS something. I do not know how to send you a message or files on here though. They put 2 items on my desktop that look like Firefox icons. One says "gas in car" the other has a bunch of gibberish numbers. I scan them with AVG and it says they are okay, but I have a clean desktop and know that these are not MY files, lol.

    I updated my client, but I have no idea what this Server query thing is to change the minimum client version to log in, I wish they did a better job of telling us how to do it.

  2. #17
    Join Date
    October 2011
    Posts
    44
    Hey,

    Only the client is / was exploitable, not the server, right? Also I suppose any user on any server could've exploited anyone, or was it just server owners that could exploit clients?

  3. #18
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,371
    Quote Originally Posted by tommysil View Post
    I updated my client, but I have no idea what this Server query thing is to change the minimum client version to log in, I wish they did a better job of telling us how to do it.
    Do you run your own TS3 Server or is it hosted by an ATHP?

    For more details on ServerQuery, please refer to our ServerQuery documentation:

    http://media.teamspeak.com/ts3_liter...y%20Manual.pdf

    Quote Originally Posted by justincase View Post
    Hey,

    Only the client is / was exploitable, not the server, right? Also I suppose any user on any server could've exploited anyone, or was it just server owners that could exploit clients?
    That is correct. The only way users without admin access could exploit this is by setting a malicious channel description in a custom channel (which requires the victim to actually click the channel and see the description). Usually, admins disable the permissions to set channel descriptions for guests so this exploit is most likely used by server owners.

  4. #19
    Join Date
    April 2012
    Posts
    6
    Are TeamSpeak versions prior to 3.18 also affected by this bug?

  5. #20
    Join Date
    August 2014
    Posts
    21
    Please tell me that the exact attack vector is a bit more complex than a simple

    Code:
    [img ]http://foobar.com/virus.exe[/img]
    (Ignore the whitespace.)

  6. #21
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,371
    Quote Originally Posted by Peter77 View Post
    Are TeamSpeak versions prior to 3.18 also affected by this bug?
    Yes. Every version prior to 3.0.18.1 is affected.

    Quote Originally Posted by phvcky View Post
    Please tell me that the exact attack vector is a bit more complex than a simple

    Code:
    [img ]http://foobar.com/virus.exe[/img]
    (Ignore the whitespace.)
    Yes. It's a bit more complex than that.

    Last edited by ScP; October 10th, 2015 at 11:09 PM.

  7. #22
    Join Date
    May 2010
    Location
    Verona - Italy
    Posts
    120
    The issue persists with version 3.0.18.1. I'm testing with a file of various GB and TS still starts downloading the file.
    How to reproduce? Clean the cache and view the affected channel again...

  8. #23
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,371
    Quote Originally Posted by Kaosvf View Post
    The issue persists with version 3.0.18.1. I'm testing with a file of various GB and TS still starts downloading the file.
    How to reproduce? Clean the cache and view the affected channel again...
    Actually, that's normal behavior. Your web browser will do the same when you're dealing with weird image sources.

  9. #24
    Join Date
    July 2012
    Location
    Austria
    Posts
    5
    Could you please release a few more details of this security vulnerability? What does it affect? Any text boxes where BBCodes can be used? Just private messages, channel messages, any channel fields? Does it also work over poke messages?

  10. #25
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,371
    Quote Originally Posted by Patschi View Post
    Could you please release a few more details of this security vulnerability? What does it affect? Any text boxes where BBCodes can be used? Just private messages, channel messages, any channel fields? Does it also work over poke messages?
    It affects the server hostbanner/hostbutton and channel descriptions. Please respect that we won't publicly disclose how exactly this vulnerability can be exploited.

  11. #26
    Join Date
    July 2012
    Location
    Austria
    Posts
    5
    Quote Originally Posted by ScP View Post
    Please respect that we won't publicly disclose how exactly this vulnerability can be exploited.
    Yes, sure, sure. I didn't want to ask for a detailed explanation of how this can be exploited, I just wanted to know in which places in the client this exploit can be used, and you already answered this question in your post - that was all I wanted to know. Thanks for your fast reply!

  12. #27
    Join Date
    August 2014
    Posts
    21
    Quote Originally Posted by ScP View Post
    It affects the server hostbanner/hostbutton and channel descriptions. Please respect that we won't publicly disclose how exactly this vulnerability can be exploited.
    Of course I can understand this.

    I don't want to know the specific attack vector (i.e. how to exploit the vulnerability), but which parts of the application are affected.

    If I extrapolate your post correctly, it's not the BB-Code parser that's affected, but the backing rendering engine?
    However, the channel description is the only pathway a stranger attacker, who isn't an admin, can take?
    Chat messages and poke messages as well as offline messages pose no threat?

    If you could confirm this and that clients are 100 % safe, when editing the descriptions is disabled for regular users, I'd be satisfied.

  13. #28
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,371
    Quote Originally Posted by phvcky View Post
    If you could confirm this and that clients are 100 % safe, when editing the descriptions is disabled for regular users, I'd be satisfied.
    Confirmed.


  14. #29
    Join Date
    October 2015
    Posts
    7
    Thanks for the updates. Just a concern, the pop up box that comes up when connecting to a server with the min client version check looks like a virus. Any chance that pop up could be changed in the next version?

  15. #30
    Join Date
    October 2015
    Posts
    1
    Using:
    UPDATE server_properties SET value = '1444491275' WHERE ident = 'virtualserver_min_client_version';
    Updates current virtual servers, but for virtual servers created after running this, will they automatically have this value as well, or does something else need to be done for that and if so what?
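
An added example, not part of the original post and not TeamSpeak's own code: it runs the UPDATE quoted in post #30 and then lists every virtual server whose `virtualserver_min_client_version` is missing or lower than the required build, a check that can be repeated after new virtual servers are created. Only the table name and the `ident`/`value` columns come from the post; the `server_id` column, the in-memory SQLite database and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

IDENT = "virtualserver_min_client_version"
REQUIRED_BUILD = 1444491275  # value quoted in the post above


def make_sample_db():
    """Constructed sample data; the server_id column is an assumed layout."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE server_properties (server_id INTEGER, ident TEXT, value TEXT)"
    )
    db.executemany(
        "INSERT INTO server_properties VALUES (?, ?, ?)",
        [
            (1, IDENT, "0"),
            (1, "virtualserver_name", "Alpha"),
            (2, IDENT, "1407159763"),
            (2, "virtualserver_name", "Beta"),
        ],
    )
    return db


def apply_min_version(db, build=REQUIRED_BUILD):
    """Run the UPDATE from the post; returns the number of rows it changed."""
    cur = db.execute(
        "UPDATE server_properties SET value = ? WHERE ident = ?",
        (str(build), IDENT),
    )
    db.commit()
    return cur.rowcount


def servers_below(db, build=REQUIRED_BUILD):
    """Return server_ids whose minimum client version is missing or below build."""
    rows = db.execute(
        "SELECT s.server_id, p.value FROM "
        "(SELECT DISTINCT server_id FROM server_properties) AS s "
        "LEFT JOIN server_properties AS p "
        "ON p.server_id = s.server_id AND p.ident = ? "
        "ORDER BY s.server_id",
        (IDENT,),
    ).fetchall()
    return [
        sid for sid, value in rows
        if value is None or not value.isdigit() or int(value) < build
    ]
```

A one-off UPDATE only touches rows that exist when it runs, so `servers_below` is the part worth re-running later; an empty list means every listed virtual server enforces the required build.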
