BaseJKA Security Fix
Re: BaseJKA Security Fix
Je l'ai fais avec putty.
Dans le menu de maintenance, c'est écrit mettre à jour vers BaseJka 1.2.
Je suis tout de même pas fou
http://www.gamall-ida.com/f/download/file.php?id=432
Dans le menu de maintenance, c'est écrit mettre à jour vers BaseJka 1.2.
Je suis tout de même pas fou
http://www.gamall-ida.com/f/download/file.php?id=432
"..." -- Link
Re: BaseJKA Security Fix
Basejka 1.2 n'est pas Basejka Security Fix 1.1a
http://jediknight3.filefront.com/file/BaseJKA;63098
vs
http://www.gamall-ida.com/f/viewtopic.php?f=3&t=120
J'ai fait l'interface admin des serveurs bien avant d'écrire BaseJKA Security Fix. Donc j'ai utilisé tout ce que j'avais sous la main pour protéger un serveur base des crash courants, et il se trouve que c'était Basejka 1.2. Je n'ai pas mis l'interface à jour depuis.
Mais Basejka 1.2 n'est pas mon mod, n'a rien à voir avec moi, et est closed-source donc seul l'auteur peut regler ses problèmes.
Si ce que tu veux est protéger ton serveur des crashs, je te suggère d'utiliser la version 1.1a de mon mod; la dernière version est là viewtopic.php?f=3&t=356 . Et là c'est bien à moi qu'il faudra signaler les bugs du mod s'il y en a, et tu seras sur le bon topic
Pour installer mon mod , il suffit de remplacer le jampgame du serveur par celui fourni; c'est d'ailleurs tout ce que fait l'interface SSH que j'avais écrite.
Voili
http://jediknight3.filefront.com/file/BaseJKA;63098
vs
http://www.gamall-ida.com/f/viewtopic.php?f=3&t=120
J'ai fait l'interface admin des serveurs bien avant d'écrire BaseJKA Security Fix. Donc j'ai utilisé tout ce que j'avais sous la main pour protéger un serveur base des crash courants, et il se trouve que c'était Basejka 1.2. Je n'ai pas mis l'interface à jour depuis.
Mais Basejka 1.2 n'est pas mon mod, n'a rien à voir avec moi, et est closed-source donc seul l'auteur peut regler ses problèmes.
Si ce que tu veux est protéger ton serveur des crashs, je te suggère d'utiliser la version 1.1a de mon mod; la dernière version est là viewtopic.php?f=3&t=356 . Et là c'est bien à moi qu'il faudra signaler les bugs du mod s'il y en a, et tu seras sur le bon topic
Pour installer mon mod , il suffit de remplacer le jampgame du serveur par celui fourni; c'est d'ailleurs tout ce que fait l'interface SSH que j'avais écrite.
Voili
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
{ Mods and Programs - Mods TES-IV Oblivion }
Re: BaseJKA Security Fix
I know you stopped working on this mod, but aluigi discovered a very serious exploit, which allows you to change the server's rcon password, or any cvar via voting. http://aluigi.org/poc.htm#q3cbufexec
There's a fix for it too: http://bugzilla.icculus.org/attachment. ... ction=edit
People keep attacking my server with it, rewriting my config. Sadly other basejka versions (including 1.2) are vulnerable. Could you - by any chance include this fix it in your mod?
There's a fix for it too: http://bugzilla.icculus.org/attachment. ... ction=edit
People keep attacking my server with it, rewriting my config. Sadly other basejka versions (including 1.2) are vulnerable. Could you - by any chance include this fix it in your mod?
Re: BaseJKA Security Fix
Hello,
My, my... there are so many issues with callvote...
As you noticed, I am retired; I do not have the game installed, nor the tools to compile mods -- definitely not on Windows anyway. It might compile on my Linux system, but since it is not the same system which I used to compile the mod on, the results are more or less unpredictable (depending which compiler I used I had the same code give very different results... the beauty of "hand-optimized" C...), and again, I don't even have the game to test it.
If you are hosted on a Linux server and feeling really desperate, I could try to compile it and give you the binary {edit: tried that, it doesn't compile on my system; unless there is a trick I don't remember.}. If it works well, great. If not, too bad. If you are hosted on Windows, you're on your own.
This being said, even if you are on windows, if it is really important to you, my mod is entirely open source, so nothing prevents you from getting the code, applying the patch, compiling and playing happily ever after (though you may need MS Visual studio for that, I don't know if it will compile with the GNU toolchain on windows)
My, my... there are so many issues with callvote...
As you noticed, I am retired; I do not have the game installed, nor the tools to compile mods -- definitely not on Windows anyway. It might compile on my Linux system, but since it is not the same system which I used to compile the mod on, the results are more or less unpredictable (depending which compiler I used I had the same code give very different results... the beauty of "hand-optimized" C...), and again, I don't even have the game to test it.
If you are hosted on a Linux server and feeling really desperate, I could try to compile it and give you the binary {edit: tried that, it doesn't compile on my system; unless there is a trick I don't remember.}. If it works well, great. If not, too bad. If you are hosted on Windows, you're on your own.
This being said, even if you are on windows, if it is really important to you, my mod is entirely open source, so nothing prevents you from getting the code, applying the patch, compiling and playing happily ever after (though you may need MS Visual studio for that, I don't know if it will compile with the GNU toolchain on windows)
If it's that bad, simply deactivate voting. Playing without vote is still better than a hostile server takeover.People keep attacking my server with it, rewriting my config.
The code I see here seems incomplete to me. I believe both \n and \r could be used as separators, as per humbaba's explanation. Yet this code only tests against \n. To be safe, I'd add a similar test for \r.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
{ Mods and Programs - Mods TES-IV Oblivion }
Re: BaseJKA Security Fix
Sorry for bothering you with old stuff In fact i already tried to fix the problem myself, but checking against \n had no effect. Maybe because they're using \r
Re: BaseJKA Security Fix
Oookay, i added a check for \r too, and i think it did the trick. Thanks a lot for drawing my attention to it!
Re: BaseJKA Security Fix
Hey !BSzili wrote:I know you stopped working on this mod, but aluigi discovered a very serious exploit, which allows you to change the server's rcon password, or any cvar via voting. http://aluigi.org/poc.htm#q3cbufexec
There's a fix for it too: http://bugzilla.icculus.org/attachment. ... ction=edit
People keep attacking my server with it, rewriting my config. Sadly other basejka versions (including 1.2) are vulnerable. Could you - by any chance include this fix it in your mod?
Linux or windows ?
If u use windows u can download the very last ( 10/03/2010 ) fix here : http://www.megaupload.com/?d=AG2CA47R
Include :
Fix /say aaaaaaaaaaaaaa (buffer overflow exploit)
Fix ForceString bug !
Fix /callvote map "mp/ffa3;rconpassword lol"
Fix Anti-hack download ( /download base/server.cfg ) by bobafett
Fix crash by callvote
and other fix
- K.I.T.T. Mace {L}
- Posts: 5
- Joined: Sat Jan 14, 2012 2:13 am
Re: BaseJKA Security Fix
Hey Gamall
We have a problem with a player called "boxer". He crashes our servers many times with the crash "Info string length exceeded". I think your fix should get this problem, too, but it doesn't work for our servers. Could you pls explain me more detailed, what we have to do with your files. We have both fixes, the first and the second version. I would be really happy if you contact me via e-mail or give me a detailed explanation, what we have to do after downloading it cause simply extract it into base folder doesn't work. so WHICH files need to be in base and what else do we have to do!?
Thanks in advance
K.I.T.T. Mace {L}
We have a problem with a player called "boxer". He crashes our servers many times with the crash "Info string length exceeded". I think your fix should get this problem, too, but it doesn't work for our servers. Could you pls explain me more detailed, what we have to do with your files. We have both fixes, the first and the second version. I would be really happy if you contact me via e-mail or give me a detailed explanation, what we have to do after downloading it cause simply extract it into base folder doesn't work. so WHICH files need to be in base and what else do we have to do!?
Thanks in advance
K.I.T.T. Mace {L}
Re: BaseJKA Security Fix
The mod's main file, depending on server OS
Windows : basejka_Gamalls_fix_11.pk3
Linux : jampgamei386.so
goes into base. Reboot the server. That's it. The gamename should change to reflect the fact that the server is running the mod.
Of course that applies only for base servers, not japlus etc.
Please note that I have long retired from the JKA scene, and am completely out of touch with the new cracks which might affect it. Hell, even with the old ones, now....
Windows : basejka_Gamalls_fix_11.pk3
Linux : jampgamei386.so
goes into base. Reboot the server. That's it. The gamename should change to reflect the fact that the server is running the mod.
Of course that applies only for base servers, not japlus etc.
Please note that I have long retired from the JKA scene, and am completely out of touch with the new cracks which might affect it. Hell, even with the old ones, now....
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
{ Mods and Programs - Mods TES-IV Oblivion }
- K.I.T.T. Mace {L}
- Posts: 5
- Joined: Sat Jan 14, 2012 2:13 am
Re: BaseJKA Security Fix
ok we put it into base.
the server works but we can't connect to it because it shows us after connecting the error "Client/Server game mismatch: basejk-1/basejka-1"
so what do we have to change so that players can join?
and does your fix also works for the forcecrash "/set forcepowers ..." (don't want to explain it exactly because maybe noobs use it after reading it^^) ??
we already tried buffer overflow and it shows us in the server console "ANTICRASH (...)", so the fix against "jamsgbof" works!! =)
the server works but we can't connect to it because it shows us after connecting the error "Client/Server game mismatch: basejk-1/basejka-1"
so what do we have to change so that players can join?
and does your fix also works for the forcecrash "/set forcepowers ..." (don't want to explain it exactly because maybe noobs use it after reading it^^) ??
we already tried buffer overflow and it shows us in the server console "ANTICRASH (...)", so the fix against "jamsgbof" works!! =)
Re: BaseJKA Security Fix
Err... are you a jk2 or jk3 user ? My patch is for jk3 only.K.I.T.T. Mace {L} wrote:"Client/Server game mismatch: basejk-1/basejka-1"
edit: ok, strike the above; that message may mean that you use JKA 1.00 instead of the latest official version: 1.01. Old 1.00 cannot be patched, because the SDK is not available. (well it can, but it's orders of magnitude harder to patch binaries than source code, so nobody is going to do it).
Yes, in the latest version (1.1a, I think). There is a whole topic about that.K.I.T.T. Mace {L} wrote:and does your fix also works for the forcecrash "/set forcepowers ..." (don't want to explain it exactly because maybe noobs use it after reading it^^) ??
viewtopic.php?f=3&t=356
That's the version you should use anyway, it has all the fixes of previous versions.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
{ Mods and Programs - Mods TES-IV Oblivion }
- K.I.T.T. Mace {L}
- Posts: 5
- Joined: Sat Jan 14, 2012 2:13 am
Re: BaseJKA Security Fix
oh damn...i thought BaseJKA is 1.00 (because of BASE^^)...ok then no fix for us =D
we didn't want to update cause we have Knights of the Force, too, which is 1.01, but our problem is, that we can create a server, but it's not online and we don't know why...
we didn't want to update cause we have Knights of the Force, too, which is 1.01, but our problem is, that we can create a server, but it's not online and we don't know why...
Re: BaseJKA Security Fix
No, basejka is jka without mods. Version 1.00 is long deprecated and nobody should be using it.
1° update your server to 1.01. It will disappear from 1.00 master lists, of course.
2° update your client to 1.01. It won't see 1.00 servers anymore, but will see 1.01 servs. Including your own.
3° Optionally, add mods, such as my fix, KotF, JA+ etc. They only work with 1.01.
I don't understand what you're saying here. KotF should be completely irrelevant to the discussion, it's yet another mod.K.I.T.T. Mace {L} wrote:we didn't want to update cause we have Knights of the Force, too, which is 1.01, but our problem is, that we can create a server, but it's not online and we don't know why...
1° update your server to 1.01. It will disappear from 1.00 master lists, of course.
2° update your client to 1.01. It won't see 1.00 servers anymore, but will see 1.01 servs. Including your own.
3° Optionally, add mods, such as my fix, KotF, JA+ etc. They only work with 1.01.
{<§ Gamall Wednesday Ida §>}
{ Mods and Programs - Mods TES-IV Oblivion }
{ Mods and Programs - Mods TES-IV Oblivion }
Who is online
Users browsing this forum: No registered users and 312 guests