File upload exploit fix - Page 4

thetwistedpanda · 08-21-2009 , 19:28 Re: File upload exploit fix

No love for CS:S. Damn you Valve!

DaFox · 08-21-2009 , 20:16 Re: File upload exploit fix

Quote:

Originally Posted by thetwistedpanda

No love for CS:S. Damn you Valve!

Or Episode 1 mods.. This is horrible that they are not supporting it even in light of major exploits like this.

Kigen · 08-22-2009 , 17:41 Re: File upload exploit fix

Well, a more complex temporary work around that I'm doing is using Windows file permissions to lock down the files and places that srcds shouldn't be altering.

Of course the only people who can do this are people who have complete control of their box. (i.e., dedicated hosting)

NouveauJoueur · 08-23-2009 , 08:52 Re: File upload exploit fix

Under linux you can use chmod to protect sensitive files, but some folder need to be able to receive new files, or write already existing files (logs, sqlite, ...) And if you need to change write rights each time you want to add something in server.cfg, admins_simple.cfg, it'll take longer too.

violentcrimes · 08-25-2009 , 15:46 Re: File upload exploit fix

Anyway to make it to where it will allow sourcebans to write? Maybe add a config for allowed IPs?

thetwistedpanda · 08-25-2009 , 22:19 Re: File upload exploit fix

http://store.steampowered.com/news/

PHP Code:


			
Updates to Counter-Strike: Source have been released. The updates will be applied automatically when your Steam client is restarted. The specific changes include:

Engine

Fixed an exploit that allowed files to be uploaded to the server at arbitrary locations in the file system
Fixed a server crash caused by a client packet claiming to be an HLTV client when HLTV is disabled on the server
Fixed a server crash caused by spoofing a client disconnect message
Fixed a server crash caused by sending malformed reliable subchannel data

Counter-Strike: Source
Novint Falcon support is now enabled by default