  1. #1
    Join Date
    October 2015
    Posts
    6

    0day exploit in client 3.0.0 - 3.0.18.1

    Hello guys,

    I have found some critical vulnerabilities in the latest ts3 client! and I have sent the details to [email protected]

    Are there other ways to notify this to the developers?

    Thanks.

  2. #2
    Join Date
    June 2008
    Posts
    18,231
    The other way was this forum thread. (you can also send me or Chris a forum pm for that)

    We already had a look at your exploit.
    This looks like we fixed it already in client 3.0.19.
    http://forum.teamspeak.com/showthrea...-Client-3-0-19

    The client does not create folders or target files anymore for remote image files.
    Any used remote image is now stored as a hashed file in the remote folder.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?
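
The fix described in post #2, sketched as an added example (not TeamSpeak's code and not posted by anyone in this thread): a cache that names files after the remote URL's path is compared with one that names them after a hash of the URL. The cache folder, the "mirrored" layout used as the before case, the choice of SHA-256 and the sample URLs are all assumptions made for illustration.

```python
import hashlib
import posixpath
from urllib.parse import urlsplit, unquote

# Hypothetical cache folder; the thread does not name the real one.
CACHE_ROOT = "/tmp/example-client/cache/remote"

def mirrored_path(url):
    """Assumed 'before' layout: host and URL path become folders and a file."""
    parts = urlsplit(url)
    return posixpath.join(CACHE_ROOT, parts.netloc, unquote(parts.path).lstrip("/"))

def hashed_path(url):
    """'After' layout: the file name is a digest of the whole URL, so nothing
    the remote side controls becomes a folder, a file name or an extension."""
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()  # hash choice is an assumption
    return posixpath.join(CACHE_ROOT, digest)

def stays_in_cache(path):
    """True if the normalised path is still inside CACHE_ROOT."""
    return posixpath.commonpath([CACHE_ROOT, posixpath.normpath(path)]) == CACHE_ROOT

# Constructed sample URLs, not taken from the thread.
SAMPLES = [
    "http://img.example/avatars/cat.png",
    "http://img.example/a/../../../outside/file.bat",
]

def audit(urls):
    """Return (url, mirrored_ok, hashed_ok) for each URL."""
    return [(u, stays_in_cache(mirrored_path(u)), stays_in_cache(hashed_path(u)))
            for u in urls]

if __name__ == "__main__":
    for url, mirrored_ok, hashed_ok in audit(SAMPLES):
        print(f"{url}\n  mirrored inside cache: {mirrored_ok}"
              f"\n  hashed inside cache:   {hashed_ok}")
```
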

  3. #3
    Join Date
    October 2015
    Posts
    6

    G8!

    Oh! This sounds good,

    Can I publish the disclosure to the public?

  4. #4
    Join Date
    June 2008
    Posts
    18,231
    Client 3.0.19 is only a beta client that was released yesterday.
    Please wait till 3.0.19 is released as a stable version (no ETA available yet).


    // Edit
    Thank you for your report and fast response

  5. #5
    Join Date
    October 2015
    Posts
    6
    OK, out of respect for your work I will wait for the stable patch!

    I hope you have read the little request on my email! :P

    See you soon!

  6. #6
    Join Date
    June 2008
    Posts
    18,231
    We will release a hotfix (3.0.18.2) this week.
    It will include the fix for this exploit (and all fixes from beta 3.0.19).

    Btw another group or user also did report that exploit 1-2 weeks ago. This is the reason why we have a fix ready.
    Last edited by dante696; October 22nd, 2015 at 11:13 AM.

  7. #7
    Join Date
    October 2015
    Posts
    6
    Nice to hear it!

    In my release there are 3 different vulnerabilities combined to reach the RCE (Remote Command Execution), and 1-2 weeks ago another user reported the same 3 vulnerabilities?
    Seems weird that you release the hotfix (3.0.18.2) after my forum post, and not simply wait for the 3.0.19 stable like you said yesterday!

  8. #8
    Join Date
    June 2008
    Posts
    18,231
    I can not answer for devs or management and their decisions.
    But I'm glad that we do not wait till 3.0.19 is ready to become a stable client.

    About the exploit:
    It wasn't exactly yours, but the result was the same.
    We are still glad that you did report it to us. So we could test if this also was fixed in latest beta release.

    About the early release:
    Some devs can not sleep at night.
    There will be ***maybe*** more who report such exploit and we think not all will wait till we release a fixed version.
    So we do it now instead of later.
    Last edited by dante696; October 22nd, 2015 at 12:30 PM.

  9. #9
    Join Date
    June 2008
    Location
    Krün, Germany
    Posts
    510
    Quote Originally Posted by Scurippio View Post
    Seems weird that you release the hotfix (3.0.18.2) after my forum post, and not simply wait the 3.0.19 stable like you said yesterday!
    Original plan was to release the patch with 3.0.19. But because of the upgrade to a new compiler on Windows the 3.0.19 release turned out to be more complicated than expected and would have needed at least another 1-2 weeks. Making a hurried release with a new compiler and runtime could have turned into a disaster, which I preferred to avoid. Waiting a few weeks while the forum hyperventilates also did not appear too thrilling to me.
    So we decided to make a bugfix release now without that compiler upgrade, and then continue to work on 3.0.19 as originally planned.

    I don't think this sounds that weird, does it? :-)

  10. #10
    Join Date
    October 2015
    Posts
    6

    My exploit :)

    Quote Originally Posted by dante696 View Post
    I can not answer for devs or management and their decisions.
    But I'm glad that we do not wait till 3.0.19 is ready to become a stable client.

    About the exploit:
    It wasn't exactly yours, but the result was the same.
    We are still glad that you did report it to us. So we could test if this also was fixed in latest beta release.

    About the early release:
    Some devs can not sleep at night.
    There will be ***maybe*** more who report such exploit and we think not all will wait till we release a fixed version.
    So we do it now instead of later.
    To be precise @dante696

    My exploit is my exploit and you can't call me out of that, sorry dude :P (now it is public on some sites), the result was the same because it is the same class of vulnerability but it is another bug in another piece of code, in another vector (my vector uses the channel description, not the banner server or avatar image previously fixed on 3.0.18.1 hotfix)

    1-2 weeks ago, another user reported the same class of vulnerability but it is not the same vulnerability and it is fixed on 3.0.18.1 (10/oct/2015); mine is fixed on 3.0.18.2 as you say.

    @PeterS

    The guy who sent the email for that exploit and scurippio are the same person (it's me :P),
    the weird part is the timing of this new hotfix, released just after my post. If you already had this vulnerability, why wait for the hotfix until after my post?

    btw! very good work!

  11. #11
    Join Date
    June 2008
    Posts
    18,231
    No it wasn't you who reported directly after first exploit became public!
    And no it wasn't your exploit, but our fix already did fix your version of that exploit.

    Beta client 3.0.19 including that fix was already released, before you did send us your version of that exploit.
    We released the client, because someone already has released your exploit on a public website. So we decided to revoke beta 3.0.19 for hotfix 3.0.18.2 instead.

    Can we please stop that topic now? There is no new information about the main problem and nothing left to do here for us.
    Thank you.
    Last edited by dante696; October 28th, 2015 at 03:13 PM.

  12. #12
    Join Date
    October 2015
    Posts
    6
    @dante696

    Thanks for your response.

    Only one last clarification on it: vulnerability and exploit are two different things. I'm not claiming myself to be the first to notify the vulnerability to Teamspeak, I really don't care about that, but the published exploit is my research and my work and there is no discussion about it. When you say "your version of that exploit" it doesn't make sense because exploits don't have any versions, another version implies another exploit.

    Since this is a public board and other people can misunderstand, I only want to point out that when you write "wasn't your exploit" it's incorrect.

    You can close the topic since as you said there is nothing more to talk about.

  13. #13
    Join Date
    November 2015
    Posts
    1

    Some people can hack us!

    I'm on YouTube and I watch this:

    removed

    I'm very scared because a client can work this.

    Please fix this Exploit.
    Last edited by dante696; November 11th, 2015 at 08:31 AM. Reason: merged

  14. #14
    Join Date
    June 2008
    Posts
    18,231
    Update your clients; 3.0.18.1 is not the latest client!
    This has already been fixed a while ago.