Forum


Notice to all users

We are migrating towards a new forum system located at community.teamspeak.com, as such this forum will become read-only on January 29, 2020

Page 1 of 3 123 LastLast
Results 1 to 15 of 43
  1. #1
    Join Date
    December 2009
    Posts
    244

    Solved [Fixed?] Client without permission can access Server group dialog

    Hi,

    There is a small bug with the client that can lead to a little "exploit" on miss-configured NEW groups (mostly on new group based on copy group. With NEW i mean none default groups).

    The thing is that when you connect to a server and you have no right (guest) and you right click on your name then set server group - server group dialog, you can access (randomly but after some try you can when not the first time) the server group dialog (what you should not).

    Then if a server group exists with a needed add/remove power with no value or to low value you can add yourself in these groups.

    This can lead in teamspeak takeover as some people creates new group and add some SA permission such as kick/ban/server modification and forget to check the needed add/remove permission this group.

    So you can add yourself in those groups and then add/remove (if the permission are set so (and you easily find server with such configs)) other SA and takeover the server.

    Even if those miss-configured groups don't give Admin permission you could be in groups with more privilege as you should have.

    This is only exploitable as you can access the server group dialog when you should not.

    I could reproduce it, sometime working on the first time, sometime after retrying after disconnecting and reconnecting on the same server (sometime several times).

    We had a hosted server that was overtaken with this methode (we then installed the known ts3bot from stefan1200 to protect all the important group on those servers and checked the add/remove values too)

    This works on all known server version and at least last 2 client builds (not tested earlier version).

  2. #2
    Join Date
    January 2010
    Location
    Catalunya
    Posts
    2,350
    I can't reproduce it.

    When the ServerGroups are right configurated: i_group_needed_member_add/remove_power

    And the GuestServerGroup are disabled: i_group_member_add/remove_power

  3. #3
    Join Date
    December 2009
    Posts
    244
    yes, as i wrote if the add/remove are right configurated there is no problem.

    As for the guest server group, i did not test when disabling it (and i don't know much server were it is).

    But still there is the bug that will show the server group dialog when you normaly don't have the right to.

    If needed i can make a video (or something else if you have an idea) to show it working.

    Once again the security risk is only if the groups are badly configurated. (what is somehow often the case... -_-)

  4. #4
    Join Date
    June 2008
    Posts
    18,513
    This is no bug! The permission was changed a whiel ago and only allows or forbidds a querry to acces this list. Please hower over the permission and read the popup.

    Code:
    This permission allows or denies a user or group the ability to use the ServerQuery command "servergrouplist" to retrieve a list of server groups on the virtual server.
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  5. #5
    Join Date
    December 2009
    Posts
    244
    I'm not sure you understood me well... To be sure :

    You can access the server group dialog in the client when you SHOULD NOT !

    Explain me why the first times it is not possible (when you right click on you you can go as far as set server group, and then the server group dialog is greyed out, what is normal) to access the server group dialog box and after some tries (without any changes on the server) you can access it (the server group dialog box is no more greyed) ? (and sometimes the first time, and then no more).



    So, once again to be clear : i'm not talking about the serverlist permission, i'm talking about the fact that guests should not be able to access the server group dialog box (within the client), but still can.

    it's a little bug that sounds anoying but with "missconfigured" server you can give you rights that you shouldn't.

  6. #6
    Join Date
    June 2008
    Posts
    18,513
    I mean Servergroup and Channelgroup dialogs. And permission is still for Querry only! If you have read what i quoted you wil see ServerQuery command "servergrouplist".

    The client already knows the groups as soon he joins the server and as long he can't acces the member or permission list you, as long you won't send any private information.

    There was a bugreport, that user can spy another server, when they hold this permission dialog opened, but the client knows the groups.

    This is no bug and has been changed ~2 months ago

    edit this has been changed 4 months ago
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  7. #7
    Join Date
    December 2009
    Posts
    244
    Ok, but explain me why the client can't access the permission list and add himself in a group, and with this he is able to ???

    Then, explain me, why it is greyed out as it should, but rondomly will NOT be greyed out and gives the possibility to add yourself in the group ?

    As for the query and the permission and the query command i know this, but i don't understand why you talk to me about this as it is not the purpose of the bug...

    The purpose of the bug is to be able to access a part/dialog box of the client when you should not be able to....

    Not sure if we understand us right ^^

    Edit : here an exemple of application and please explain me why it goes like this :

    Connecting on a server, i am in guest group as it is my first time i go on it.
    Right clicking on my name -> set server group -> server group dialog.

    I can't click on server group dialog as it is greyed.

    I reconnect on the same server, right click on my name -> set server group -> server group dialog

    This time i can access it and add me to missconfigured newly or copied group and eventually grant me some admin rights depending on the groups and permissions....

    So please explain me why sometime i can access the server group dialog and sometime not (what is correct as a simple guest on the server) (on the same server that has had NO changes)

  8. #8
    Join Date
    June 2008
    Posts
    18,513
    Quote Originally Posted by TotoIsBack
    Ok, but explain me why the client can't access the permission list and add himself in a group, and with this he is able to ???
    Because the default Guest & Normal don't has b_virtualserver_servergroup_permission_list; b_virtualserver_channelgroup_permission_list and i_group_member_add_power

    Quote Originally Posted by TotoIsBack
    Then, explain me, why it is greyed out as it should, but rondomly will NOT be greyed out and gives the possibility to add yourself in the group ?
    The menu point greys out as soon you disconenct and the rightclick menu is grey, when you don't have any i_group_member_add_power


    Quote Originally Posted by TotoIsBack
    As for the query and the permission and the query command i know this, but i don't understand why you talk to me about this as it is not the purpose of the bug...
    The purpose of the bug is to be able to access a part/dialog box of the client when you should not be able to....
    Not sure if we understand us right ^^
    Because the permissions b_virtualserver_servergroup_permission_list & b_virtualserver_channelgroup_permission_list are not for client GUI anymore!
    They are active, when you login into the server querry guest or admin and not when you assign yourself the group in client gui!

    Quote Originally Posted by TotoIsBack
    Edit : here an exemple of application and please explain me why it goes like this :

    Connecting on a server, i am in guest group as it is my first time i go on it.
    Right clicking on my name -> set server group -> server group dialog.

    I can't click on server group dialog as it is greyed.
    I reconnect on the same server, right click on my name -> set server group -> server group dialog
    This time i can access it and add me to missconfigured newly or copied group and eventually grant me some admin rights depending on the groups and permissions....
    So please explain me why sometime i can access the server group dialog and sometime not (what is correct as a simple guest on the server) (on the same server that has had NO changes)
    I can't reproduce this as Geust or Normal user it is grey even, wehn I relog and login meanwhile as Server Admin


    Quote Originally Posted by TotoIsBack
    Ok, but explain me why the client can't access the permission list and add himself in a group, and with this he is able to ???
    You need the permission b_virtualserver_channelgroup_permission_list; b_virtualserver_servergroup_permission_list; b_virtualserver_client_permission_list; b_virtualserver_channel_permission_list or b_virtualserver_channelclient_permission_list to access the permissions in any of permissions dialog.
    The permissions are not set by default for Normal or Guest, when you create a server. Plese check these permissions!


    The whole thing, that you can access the Server and Channel group is no Bug! I have no idea why you say it greys out as long you are connected?
    When sending me private messages: Please make sure to include reference link to your forum thread or post.

    TeamSpeak FAQ || What should i report, when i open a client thread?

  9. #9
    Join Date
    December 2009
    Posts
    244
    Once again you are stuck on the permission when i explain you it has nothing to do with it...

    I can't reproduce this as Geust or Normal user it is grey even, wehn I relog and login meanwhile as Server Admin
    but here is the point, that's the bug, nothing more nothging less, nothing to do with permission...

    and in fact you don't answer my question as it seems you don't understand me....

    here an exemple of application and please explain me why it goes like this :

    Connecting on a server, i am in guest group as it is my first time i go on it.
    Right clicking on my name -> set server group -> server group dialog.

    I can't click on server group dialog as it is greyed.
    I reconnect on the same server, right click on my name -> set server group -> server group dialog
    This time i can access it and add me to missconfigured newly or copied group and eventually grant me some admin rights depending on the groups and permissions....
    So please explain me why sometime i can access the server group dialog and sometime not (what is correct as a simple guest on the server) (on the same server that has had NO changes)
    That's the bug i'm talking about, focus on this....
    As guest (or normal group as you want) you should not access this dialog box, but you can...

    The only thing i can confess is that this behavior is sometimes random (not as a bug that would works 100% on 100% of your tries, but after some tries it comes out)

    If you want we could speak about it on teamspeak ? (even in german if you want)

    Anyway, thank you to reply with detailed answers

    Ok, here some screenshots :


    - Connecting on a random server in the webserverlist.
    As a normal behavior, the menu is greyed :

    http://img138.imageshack.us/img138/1008/ts31greyed.jpg

    - Reconnecting on the same server (once again, it's not mine, and no one modified it between my connexion) :

    http://img404.imageshack.us/img404/5...1notgreyed.jpg

    - And as you can see i can access the menu (this server has its rights configured and i cannot add myself in any groups, but i shouldn't be able to access this menu, should I ? If the server had other groups with bad add power sets, i would be able to add myself in it. If needed i can provide screen or video showing it...)

    http://img101.imageshack.us/img101/3...notgreyedb.jpg

    (At first connexion on this server i could access the menu, after reconnecting i could not anymore. Reconnecting 2-3 times and i could again. I figured out too that if i close the client and open it again and reconnect, i can access the menu at first connexion too.)

    I have to point out that if i right click and access the dialog box, after closing it, i cannot access again the dialog box (have to reconnect x times to have the menu enabled again).


    I hop you understand now what i mean...
    Last edited by TotoIsBack; November 22nd, 2010 at 12:14 PM. Reason: Added screenshots

  10. #10
    Join Date
    May 2010
    Posts
    6,310


    I just tried on the same server and I do not have this strange problem.
    (I following step by step that you wrote).

  11. #11
    Join Date
    December 2009
    Posts
    244
    did you try on the first connect ?

    I can make a video to prove it if you want ^^

    But as i said, the bug is kinda random...

    If more infos needed i will gladly give them

    I know i'm not the only one that can do it, as i know ppl that did take over Ts3 with this (plus bad add/remove power on groups with admin rights, but that's the SA fault ^^, and one of our Ts3 on our server was taken over with this method (I explained the SA to check the grp and correct the right add/remove group power to avoid the exploit)).

    You sometimes need to reconnect more times or close/relaunch client and reconnect and then it works. Once again, kinda random... and I dunno why.

  12. #12
    Join Date
    May 2010
    Posts
    6,310
    Yes I try your way, and many other ways, nothing.

    For the video, yes I want (I'm really really curious ).
    Maybe try together on the same server at the same time.

    It's really disappointing.

  13. #13
    Join Date
    December 2009
    Posts
    244
    i'm connecting on it but you will not be able to see what i see (or with teamviewer if you want)

  14. #14
    Join Date
    May 2010
    Posts
    6,310
    Quote Originally Posted by TotoIsBack View Post
    i'm connecting on it but you will not be able to see what i see (or with teamviewer if you want)
    Yes I would like.

  15. #15
    Join Date
    December 2009
    Posts
    244
    i'm on it.


Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Replies: 12
    Last Post: April 24th, 2012, 09:52 PM
  2. Replies: 9
    Last Post: April 23rd, 2012, 08:56 PM
  3. Replies: 4
    Last Post: December 7th, 2011, 06:46 PM
  4. Override client permission with server group
    By binary in forum Permission System
    Replies: 4
    Last Post: July 22nd, 2011, 01:36 PM
  5. [Fixed] Channel to client permission
    By florian_fr40 in forum Bug Reports [EN/DE]
    Replies: 1
    Last Post: October 18th, 2010, 10:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •