Towncivilian
Posted April 29, 2010 (edited)

NOTE: Server Patch 1 Hotfix includes this workaround by default. You can download Server Patch 1 Hotfix here. You do not need to update to Server Patch 1 Hotfix if you have already applied this workaround. A Linux repackage of Server Patch 1 with this workaround applied will be up soon.

Linux server operators: if you have installed the Server using the binary (mta05_server_linux.bin) and not previously applied this workaround, you must apply this hotfix or the workaround described below.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

The guys over at bugtraq discovered a critical bug in the currently released MTA 0.5.x dedicated servers. The bug involves an admin exploit that can be used by a malicious user to gain access to the "Set MOTD" administration command, that is used to modify the MOTD.txt (Message Of The Day) file. The exploit can then be used to crash the dedicated server.

The affected platform is Microsoft Windows. The bug still exists on all other platforms, but is currently not exploitable.

!!! CRITICAL: We strongly recommend anyone running a dedicated server to apply the fix below. !!!

Quick fix

To fix this exploit, the "motd.txt" file, located in the server directory, will have to be set to read-only. Deleting motd.txt will NOT fix the problem! Please follow the steps for your server platform.

Quick fix :: Microsoft Windows

Change the "motd.txt" file attributes to Read-only.

1. Open up Windows Explorer and navigate to your server directory
2. Right click on motd.txt and select Properties
3. Under Attributes, make sure the Read-only box is ticked

Quick fix :: *nix platforms

Chmod your "motd.txt" file to 444, read-only mode.

1. cd /path/to/your/server/directory
2. chmod 444 motd.txt

Edited July 29, 2010 by Guest
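
Added example (not part of the original post and not MTA project code): a POSIX shell version of the *nix quick fix that applies chmod 444 and then verifies the result. The function names, return codes and optional UID argument are this example's own conventions; it flags root separately because root is not bound by file permission bits.

```shell
#!/bin/sh
# Added example, not MTA project code. Return codes are this script's convention.

# check_motd DIR [UID]
#   0 = motd.txt present and no write bit set
#   1 = motd.txt missing (the post notes that deleting it does NOT fix the bug)
#   2 = a write bit is still set for owner, group or other
#   3 = mode is read-only, but the account is root, which ignores mode bits
check_motd() {
    dir=$1
    uid=${2:-$(id -u)}   # assumption: UID of the account the server runs as
    f="$dir/motd.txt"
    [ -f "$f" ] || return 1
    # First 10 characters of ls -l output are the type and mode, e.g. -r--r--r--
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        *w*) return 2 ;;
    esac
    [ "$uid" -eq 0 ] && return 3
    return 0
}

# harden_motd DIR [UID]: apply the quick fix, then verify it took effect
harden_motd() {
    [ -f "$1/motd.txt" ] || return 1
    chmod 444 -- "$1/motd.txt" || return 2
    check_motd "$1" "$2"
}

# Stand-alone use: sh script.sh /path/to/your/server/directory
if [ "$#" -ge 1 ]; then
    harden_motd "$1"; rc=$?
    echo "motd.txt check result: $rc"
    exit "$rc"
fi
```

A result of 3 means the file mode is correct but the server account should be changed to a non-root user for the read-only setting to have any effect.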