Forum

Results 1 to 2 of 2
  1. #1
    Join Date
    February 2015
    Posts
    1

    Permission flaw found allows user to corrupt whole database

    I was banned for one year yesterday for posting this for "Spam" and I'm not certain why this was done.

    I have found a flaw that allows a user to not only crash an instance, but a whole database. We have found the crash to not be recoverable and would cause the host to have to reset the whole server.

    In the SQL table groups_server, if Admin Server Query's type value is set to "1" it becomes visible in the server. If a user who has the ability to set the default server group sets it to "Admin Server Query" no permission check is in place to make sure they can set it to that level. The server will instantly crash, and ANY server hosted on that database will become corrupt.

  2. #2
    Join Date
    June 2008
    Posts
    17,934
    0 is for template groups
    1 is for normal groups that are bound to a virtual server
    2 is for query groups

    But we do not give any support for

    1. modifying the database which is the case in your report.
    2. giving yourself the group ServerQuery Admin.


    Edit
    the error message is ok. This is no bug.
    2015-02-17 08:08:05.359217|CRITICAL|PermGroupMgr | 1| Unknown group: 2 requested, error: invalid group ID
    Edit End

    Do not modify the databse with unsupported actions.
    Closed
    Last edited by dante696; February 17th, 2015 at 08:10 AM.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Database corrupt? Help please!
    By -bliss- in forum Server Support
    Replies: 4
    Last Post: October 14th, 2011, 04:03 PM
  2. Grant Permission in Database
    By Soljia in forum Permission System
    Replies: 1
    Last Post: January 12th, 2010, 07:29 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •