  1. #46
    Join Date
    February 2014
    Posts
    250
    Quote Originally Posted by ScP View Post
    Another small update...

    I've been contacted by two people with infected systems. Both had a variant of Troj/Agent-ACIA sitting in their ProgramData directory.

    https://www.sophos.com/en-us/threat-...gent-ACIA.aspx

    To check if you're infected, check if there are any AutoIt scripts (*.au3), Visual Basic scripts (*.vbs) or suspicious executables (*.exe) in C:\ProgramData and have a look at running processes.

    Here's a list of some files you don't want to find:

    Code:
    Name         | SHA1 Checksum
    <random>.au3 | b648d925d56404c325ae3f328cdd5dcc024b9077
    <random>.exe | cae4e8c730de5a01d30aabeb3e5cb2136090ed8d
    abc.exe      | 5e6b86477ee431115ad125231606910a7fe83957
    mario.vbs    | 7bb1a4beebe6c0f4dce3f6b4734adb64bbfe167b
    In addition, if a script kiddie has tried to exploit the vulnerability in your TeamSpeak 3 Client, there's probably a file called ts3.bat in your Autostart directory. If you see this file, delete it immediately before it can unleash its evil magic...

    Just some more info, if you were running Malwarebytes when starting your PC if you had ts3.bat it would prevent the .exe from getting downloaded. You'll then only have the .vbs and .bat to clear. The .exe & .au3 would not be present. It's likely that some other anti-virus software would have prevented this too.
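
The manual check described in the post above, as an added example that is not part of the original thread and not a TeamSpeak tool: a report-only PowerShell sweep (assumes PowerShell 4 or later for Get-FileHash). The SHA1 values are the four from the post's table; the function name Find-Ts3Indicators and reading "Autostart directory" as the per-user and all-users Startup folders are assumptions.

```powershell
# Added example: report-only sweep for the indicators listed in the post above.
# SHA1 values are copied from the post's table; nothing is deleted.
$KnownBad = @{
    'b648d925d56404c325ae3f328cdd5dcc024b9077' = '<random>.au3'
    'cae4e8c730de5a01d30aabeb3e5cb2136090ed8d' = '<random>.exe'
    '5e6b86477ee431115ad125231606910a7fe83957' = 'abc.exe'
    '7bb1a4beebe6c0f4dce3f6b4734adb64bbfe167b' = 'mario.vbs'
}

function Find-Ts3Indicators {   # hypothetical name, not a TeamSpeak tool
    param(
        [string]$ScanRoot = $env:ProgramData,
        # Assumption: "Autostart directory" = per-user and all-users Startup folders.
        [string[]]$StartupDirs = @([Environment]::GetFolderPath('Startup'),
                                   [Environment]::GetFolderPath('CommonStartup'))
    )
    $root = $ScanRoot.TrimEnd('\')

    # 1. AutoIt scripts, VBScripts and executables sitting directly in ProgramData.
    Get-ChildItem -LiteralPath $root -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.au3', '.vbs', '.exe' } |
        ForEach-Object {
            # Hashing can fail on locked files; report them without a hash.
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA1 -ErrorAction SilentlyContinue
            $sha1 = if ($h) { $h.Hash.ToLowerInvariant() } else { $null }
            $verdict = if ($sha1 -and $KnownBad.ContainsKey($sha1)) {
                "known-bad hash ($($KnownBad[$sha1]))"
            } else { 'unlisted hash, review manually' }
            [pscustomobject]@{ Path = $_.FullName; SHA1 = $sha1; Verdict = $verdict }
        }

    # 2. ts3.bat dropped into a Startup folder.
    foreach ($dir in ($StartupDirs | Where-Object { $_ })) {
        $bat = Join-Path $dir 'ts3.bat'
        if (Test-Path -LiteralPath $bat -PathType Leaf) {
            [pscustomobject]@{ Path = $bat; SHA1 = $null; Verdict = 'ts3.bat in Autostart' }
        }
    }

    # 3. Running processes whose image lives directly in ProgramData.
    Get-Process | Where-Object { $_.Path -and ((Split-Path $_.Path -Parent) -eq $root) } |
        ForEach-Object {
            [pscustomobject]@{ Path = $_.Path; SHA1 = $null; Verdict = "running, PID $($_.Id)" }
        }
}

Find-Ts3Indicators | Format-Table -AutoSize -Wrap
```

The post speaks of a variant, so a file with an unlisted hash is still reported for manual review rather than treated as clean.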

  2. #47
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,527
    Quote Originally Posted by Patrick1164 View Post
    Just some more info, if you were running Malwarebytes when starting your PC if you had ts3.bat it would prevent the .exe from getting downloaded. You'll then only have the .vbs and .bat to clear. The .exe & .au3 would not be present. It's likely that some other anti-virus software would have prevented this too.

    Not necessarily... the victims I spoke with had G DATA and Avira products installed and up-to-date.


  3. #48
    Join Date
    February 2014
    Posts
    250
    Quote Originally Posted by ScP View Post
    Not necessarily... the victims I spoke with had G DATA and Avira products installed and up-to-date.

    Ah, that's a shame. Might be worth advising they run MalwareBytes alongside then.

  4. #49
    Join Date
    May 2012
    Location
    The 3rd dimension
    Posts
    956
    Might be worth the developers testing their work and trying to figure out "How could this be exploited?" and fix what you find?

  5. #50
    Join Date
    October 2015
    Posts
    2

    reply

    Quote Originally Posted by ScP View Post
    Do you run your own TS3 Server or is it hosted by an ATHP?

    For more details on ServerQuery, please refer to our ServerQuery documentation:

    http://media.teamspeak.com/ts3_liter...y%20Manual.pdf

    That is correct. The only way users without admin access could exploit this is by setting a malicious channel description in a custom channel (which requires the victim to actually click the channel and see the description). Usually, admins disable the permissions to set channel descriptions for guests so this exploit is most likely used by server owners.

    I think I run it, I pay for it. Shrapnel-network is the host. I contacted them and he was surprised but acted immediately and shut down all servers and I guess changed the minimum client version for log in. I was thankful because I don't understand the codes that were put in this thread at the beginning.

  6. #51
    Join Date
    December 2010
    Location
    Germany
    Posts
    30
    Was user action required to get exploited (click the channel to actually read the channel description)? I am running a TeamSpeak Bot on my server which needs a running TS client (as the server query does not receive all events... hidden feature request here) and want to know if my server could be compromised.

  7. #52
    Join Date
    June 2008
    Posts
    18,153
    Quote Originally Posted by CalibeR.50 View Post
    Was user action required to get exploited?

    Yes (on your own server). Users needed to click on a channel to get infected.
    No (on other servers). A server could have that exploit running as a server banner or in the host button. This got loaded automatically on server join.

    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  8. #53
    Join Date
    September 2014
    Posts
    14
    As an admin renting a server at an ATHP, can I actually do anything about it or do I have to wait for the ATHP to take care about this? If I can do anything, could anybody explain the actual steps to me?

    Thank you very much!

  9. #54
    Join Date
    June 2008
    Posts
    18,153
    Tell your users to update to client version 3.0.18.1 as a first step.
    That's the most important step here.

    Then contact your hoster about the minimal desktop version of 1444491275 (it could be that he is already informed about this).

  10. #55
    Join Date
    October 2015
    Posts
    16
    Quote Originally Posted by ScP View Post
    Good morning! First, I'd like to give you guys a quick status update...

    An updated Android client is available on Google Play now. However the iOS update will take longer to complete and has to go through Apple's approval process, so we might not be able to publish our new iOS client before the end of the week.

    We still strongly recommend updating the minimum version requirement in your servers in order to force your users to upgrade their clients and ensure their security, but you might experience an increase in support inquiries from mobile users (primarily iOS users) in the next few days.

    As already stated in my initial posting, the alternative to increasing the minimum version number for now is revoking the permissions to set channel descriptions for non-admins.

    Now let's see if I can give answers to your questions from the last hours...

    I agree, that that dialog is not pretty, but it gets the job done. Do you have a suggestion on how to make it look better? I'd forward your input to the devs then.

    Yes. This SQL query will also update the default settings for virtual servers (ID 0). In addition, upcoming server versions will automatically increase the minimum client version and add new server properties to control the minimum iOS and Android versions separately.

    Basically, there are two permissions you should temporarily remove from non-admin groups:

    1. b_channel_create_with_description
    2. b_channel_modify_description

    In the default permission set shipped with the TS3 Server (defaults.sql), these permissions are already disabled for guests. You only need to do this if you actively changed your guest group permissions.

    Thanks for the reply. I don't have many suggestions for the dialogue box, but could forcing all clients to update their teamspeak versions to 3.0.18.1 upon opening the application be a possibility?

  11. #56
    Join Date
    October 2015
    Posts
    1

    TS Notifier

    Quote Originally Posted by dante696 View Post
    Tell your users to update to client version 3.0.18.1 as a first step.
    That's the most important step here.

    Then contact your hoster about the minimal desktop version of 1444491275 (it could be that he is already informed about this).

    If I update TS from 3.0.16 to 3.0.18.1 will my TS notifier settings be changed?

  12. #57
    Join Date
    October 2015
    Posts
    1
    Quote Originally Posted by dante696 View Post
    Tell your users to update to client version 3.0.18.1 as a first step.
    That's the most important step here.

    Then contact your hoster about the minimal desktop version of 1444491275 (it could be that he is already informed about this).

    Is it possible to tell us what a malformed channel description looks like without telling us how to exploit the vulnerability?

    Also: Are client descriptions vulnerable?

  13. #58
    Join Date
    October 2015
    Posts
    1

    update sucks

    well this update made me lose all my permissions on every teamspeak i go in, i lost all my identities/bookmarks/plugins so i wouldn't advise it....... -.-

  14. #59
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,527
    Quote Originally Posted by iStinger View Post
    Thanks for the reply. I don't have many suggestions for the dialogue box, but could forcing all clients to update their teamspeak versions to 3.0.18.1 upon opening the application be a possibility?

    The TeamSpeak 3 Client is checking for updates every 24 hours and penetrates you with an update notification until you finally decide to give in...

    Unfortunately, a lot of users still decide to keep using old versions and we don't have a secret kill-switch to enforce a client-side update.

    Anyway... while we strongly recommend this update, it's technically impossible for users with hardware from the stone age (e.g. ancient CPUs without SSE2 support) to update as we had to introduce new OS and hardware requirements with the last client releases. We'll have to discuss internally if there's something we can do about this... not promising anything here.

    Quote Originally Posted by jdangerf View Post
    If I update TS from 3.0.16 to 3.0.18.1 will my TS notifier settings be changed?

    No, an update will not change your settings. In addition, our plugin API hasn't changed since version 3.0.14 which was released more than a year ago, so you should be fine.

    Quote Originally Posted by Erinfey View Post
    Is it possible to tell us what a malformed channel description looks like without telling us how to exploit the vulnerability?

    Also: Are client descriptions vulnerable?

    Well... one thing to look for is a little paper/document icon in a channel description. While this could also indicate a harmless broken image, it might be worth investigating if you're the server admin.

    Client descriptions are not vulnerable.

    Quote Originally Posted by ferocious123 View Post
    well this update made me lose all my permissions on every teamspeak i go in, i lost all my identities/bookmarks/plugins so i wouldn't advise it....... -.-

    As I stated above, a client update does not break your settings, plugins, etc. My best guess is that you did a clean install and picked a different storage location for your settings than during the previous installation.

  15. #60
    Join Date
    October 2015
    Posts
    1
    QUESTION, when will iOS users get a teamspeak update, I can't enter any servers and using ts on a computer lags me/is a hassle to tab in and out of.
