Forum

Page 1 of 2 12 LastLast
Results 1 to 15 of 20
  1. #1
    Join Date
    August 2016
    Posts
    1

    0-day vulnerabilities in server 3.0.13

    Hi, I found this removed on the internet. I'm not really sure what it means. Does it mean someone can hack my server and get admin? What do they mean with getting a shell? I'm using the free teamspeak server on linux, does that affect me, and what should I do?
    Last edited by dante696; August 11th, 2016 at 08:36 AM. Reason: removed before evil people do evil things, also renamed the topic

  2. #2
    Join Date
    June 2008
    Posts
    18,260
    Could mean that there are bugs in the server and we need to fix them.
    I forwarded this to our developers.

    Currently you can only do a backup of your server if that is real.

    Thank you for sharing this to us!
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  3. #3
    Join Date
    August 2016
    Posts
    4
    This issue is serious and we hope to see a fix till monday.
    Id suggest to focus on vulns 1,2,3 and 9
    And please do it correctly... you shouldnt be able to call getParam on an index that does not exist..
    And 1,2,3 are very easy to fix in less than half an hour. Just fix the important stuff and push a new version out as soon as possible.
    One can not allow to keep everyones servers at risk.

  4. #4
    Join Date
    February 2016
    Posts
    8

    Exclamation Teamspeak Server crash

    MergedNext exploit for ver 3.0.12.4 -- 3.0,13
    teamspeak logs clear
    database logs clear

    edit
    port attack 9987 UDP

    found but not tested

    "Hotfix for TeamSpeak vulnerabilities [till 3.0.13]
    i tested on my server working crash my server, but i added a line iptables, tools send length 315, i drop this packet on iptables and working for me
    -A INPUT -p udp -m udp -j DROP --match length --length 300:350"
    Last edited by dante696; August 15th, 2016 at 11:17 AM.

  5. #5
    Join Date
    October 2011
    Posts
    18
    Means they need to be more careful when coding and get audits. If you are talking about this https://www.reddit.com/r/pwned/comme...mspeak_3_pwned

    and I know deleting posts/links is usus at these forums but this link does not contain any vulnerability code it all, it only educates about the existence and severance of them and hiding that just makes you look even worse than you currently are. Let's see how long it takes them this time to fix it, probably takes ages as always.

    No wonder it is even mentioned in the advisory:

    Q: Why not do coordinated disclosure?
    A: The Teamspeak developers censor their forums and sweep vulnerabilities
    under the rug as "crashes". I am not comfortable with that. Furthermore I
    fear legal action from them.
    Last edited by Razilla; August 14th, 2016 at 03:48 AM.

  6. #6
    Join Date
    February 2014
    Posts
    280
    Quote Originally Posted by Razilla View Post
    Means they need to be more careful when coding and get audits. If you are talking about this https://www.reddit.com/r/pwned/comme...mspeak_3_pwned

    and I know deleting posts/links is usus at these forums but this link does not contain any vulnerability code it all, it only educates about the existence and severance of them and hiding that just makes you look even worse than you currently are. Let's see how long it takes them this time to fix it, probably takes ages as always.

    No wonder it is even mentioned in the advisory:

    TeamSpeak really needs to setup a disclose program of some support, or some official means of disclosing. If there are really as many vulnerabilities as quoted in this source then this is a shit show of a server update. TeamSpeak really needs to stop hiding behind closed doors and be a little more public, I'm starting to get the impression that users are decreasing rapidly fast due to lack of updates/features and their competitors just blowing them out of the water with updates/features and actual interaction with their userbase.

  7. #7
    Join Date
    January 2014
    Posts
    86
    Thanks bro

  8. #8
    Join Date
    February 2016
    Posts
    8
    No problemooo mate

  9. #9
    Join Date
    June 2008
    Posts
    18,260
    A fixed server will be released tomorrow.
    Some of these entries from the list have been fixed in server 3.0.13 already and are ooutdated.
    Last edited by dante696; August 14th, 2016 at 04:16 PM.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  10. #10
    Join Date
    August 2016
    Posts
    1

    0-day vulnerabilities in latest TS3 version

    In case this hasn't been brought to attention yet:
    *** LINK REMOVED ***

    Fortunately the exploit will not be released directly.

    But as these vulnerabilities allow remote code execution, you should really have a talk with that guy and fix these problems ASAP!
    Last edited by ScP; August 14th, 2016 at 10:14 PM. Reason: link removed

  11. #11
    Join Date
    April 2009
    Location
    Spain
    Posts
    7

    Angry

    dont worked for me... ty "developers"

  12. #12
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,527
    Fixed with server 3.0.13.1:

    *** UPDATE PULLED ***

    The official release announcement will follow in a few minutes!
    Last edited by ScP; August 15th, 2016 at 12:58 AM.

  13. #13
    Join Date
    February 2014
    Posts
    280
    Quote Originally Posted by ScP View Post
    Fixed with server 3.0.13.1:

    *** UPDATE PULLED ***

    The official release announcement will follow in a few minutes!
    Appreciate the fast fix on this one, thanks. Still no hint on your upcoming stuff?
    Last edited by ScP; August 15th, 2016 at 01:03 AM.

  14. #14
    Join Date
    October 2003
    Location
    Germany
    Posts
    2,527
    My apologies guys, but we'll have to pull the latest 3.0.13.1 update as we've identified a reproducible crash related to ServerQuery logins.

    If you've already updated to 3.0.13.1, we strongly recommend that you either block access to the ServerQuery interface or downgrade to version 3.0.13 until our dev team has fixed the issue.

  15. #15
    Join Date
    August 2016
    Posts
    1

    Expression

    Hi,
    if it uses this expression, I have a problem with the creation of Spacer. I can not create Spacer and disconnects me from the server.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. XSS Vulnerabilities in Many TS-Scripts
    By drak3 in forum Tools / Web Based
    Replies: 0
    Last Post: May 27th, 2010, 11:56 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •