Security Exploit in UAIO Binary

BAILOPAN
Join Date: Jan 2004
Old 01-28-2008 , 11:14   Security Exploit in UAIO Binary
#1

It has recently come to our attention that there is an exploited copy of the "UAIO" (Ultimate All-In-One) Plugin being distributed in the wild. It is a special build of UAIO that does not match the original source code, and has been hand-crafted such that any user knowing a secret command can become an administrator.

This incident involves a malicious copy of UAIO that has a secret backdoor. UAIO and AMX Mod X are otherwise normally secure.

In order to protect our users we have released a tool to check your copy of UAIO:

http://www.amxmodx.org/uaio_check.cgi

Simply upload your uaio_admin.amxx file and it will tell you whether it has the exploit. Game Service Providers (GSPs) should check their clients' installations.

UPDATE: We have traced this issue to the original UAIO author Robert J. Secord ("xeroblood," "SystemWisdom"), who had been distributing malicious binaries, probably so he could backdoor any server using his plugin. UAIO is currently maintained by Xanimos and thus its binaries are now safe! However, if you find any other software distributed by this person, I would think twice before using it. He clearly cannot be trusted.

This type of abuse is beyond unscrupulous. Under no circumstances is it ever acceptable to post exploited or backdoored binaries on our forums.

Additionally, we have collected a Steam ID of someone that has been using this exploit in the wild. I'm listing them and server operators in the community can decide if they want to blacklist them or not:
Code:
STEAM_0:0:13428340

If you have further questions, please do not hesitate to post them here. Obviously, if you post the actual exploit here, or publicly post any copies of the infected binary, you will be permanently banned.

I would like to thank sawce for finding the exploit, which was no easy task. I would also like to thank Roach who kept this issue alive despite naysaying from yours truly.

Thanks for your support.
__________________
egg

Last edited by sawce the snail; 01-28-2008 at 20:03. Reason: fixed steamid
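
For hosts with many client installations to check, as the announcement asks of GSPs, the following is an added example (not part of the original post and not AMX Mod X tooling). It finds every copy of uaio_admin.amxx under a hosting root and groups the copies by SHA-256, so each distinct build only has to be checked once. The directory layout, the function names and the set of trusted digests (for instance, taken from a copy you compiled from source yourself) are assumptions; a digest outside the trusted set means "unverified", not "backdoored".

```python
import hashlib
import os
import tempfile
from collections import defaultdict

PLUGIN_NAME = "uaio_admin.amxx"  # file name given in the announcement

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large trees do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def inventory(root, name=PLUGIN_NAME):
    """Map SHA-256 digest -> sorted paths of every copy of the plugin under root."""
    groups = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name:
                path = os.path.join(dirpath, fn)
                groups[sha256_file(path)].append(path)
    return {digest: sorted(paths) for digest, paths in groups.items()}

def triage(groups, trusted):
    """Split the inventory into builds matching a trusted digest and the rest."""
    verified = {d: p for d, p in groups.items() if d in trusted}
    unverified = {d: p for d, p in groups.items() if d not in trusted}
    return verified, unverified

def demo():
    """Constructed sample: three fake client installs holding two distinct builds."""
    with tempfile.TemporaryDirectory() as root:
        contents = {"client_a": b"build-one", "client_b": b"build-one",
                    "client_c": b"build-two"}
        for client, data in contents.items():
            # Assumed layout; adjust to how your hosting tree is organised.
            plugin_dir = os.path.join(root, client, "addons", "amxmodx", "plugins")
            os.makedirs(plugin_dir)
            with open(os.path.join(plugin_dir, PLUGIN_NAME), "wb") as f:
                f.write(data)
        trusted = {hashlib.sha256(b"build-one").hexdigest()}  # constructed digest
        verified, unverified = triage(inventory(root), trusted)
        return (sorted(len(p) for p in verified.values()),
                sorted(len(p) for p in unverified.values()))

if __name__ == "__main__":
    print(demo())
```

Every path listed under an unverified digest is a candidate for the upload check or for replacement with a copy rebuilt from source.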
chris
Senior Member
Join Date: Mar 2007
Location: America
Old 01-28-2008 , 12:22   Re: Security Exploit in UAIO Binary
#2

Oh my god.
__________________
Arkshine
AMX Mod X Plugin Approver
Join Date: Oct 2005
Old 01-28-2008 , 12:30   Re: Security Exploit in UAIO Binary
#3

Oh, you're right.


I've searched for an old copy on my computer and I've found one ( 1.51 ) ; [ created : Friday 6 October 2006, 00:281 | Modified : Friday, 15 September 2006, 140:25 ]

In the package, the UAIO binary file ; [ created : Friday 6 October 2006, 00:281 | Modified : Sunday 19 August 2006, 01:50:09 ]


As far as I remember, I've always downloaded the package from the original topic. ( not a big deal in my case since I'm used to always recompiling plugins )

I don't get how the original package has been modified. -_-
__________________

Last edited by Arkshine; 01-28-2008 at 12:53.
Roach
Writes love letters to sawce Daily
Join Date: Jul 2006
Location: Internet
Old 01-28-2008 , 12:50   Re: Security Exploit in UAIO Binary
#4

The packages on the site right now (v1.51 and 1.50) are fine and exploit free, as Bail stated. This will end up making a SLIGHT change in policy as far as closed source .amxx plugins go (for those who are closing off exploits in mods), but that will be announced later on.

We would ALL like to thank the server owners and admins who noticed this and sent us the logs and Steam IDs of those who were exploiting this. Luckily, there were only a few VERY isolated issues of this that were reported. Giving us those logs and folders gave us the missing pieces of the puzzle that finally allowed sawce to have his ah-ha moment...after, of course, I accused him of screwing something up.

Also, if needed I'm a good character actor and I do parties, and can extract information as needed from people when requested. Please contact me if you would like my services.
__________________
Quote:
Originally Posted by Brad View Post
That sounds like a really good idea!
Now replace the word "good" with "dumb".
What was your rationale for proposing such a thing?
sawce
The null pointer exception error and virtual machine bug
Join Date: Oct 2004
Old 01-28-2008 , 14:28   Re: Security Exploit in UAIO Binary
#5

Hey roach, remember that time when you were all "hey its your fault fix it" and I was all like "liar" and you were all like "nuh uh fix it" and I was all like "no you fix it".

Yeah. Good times.
__________________
fyren sucks
Pro Patria Finland
Senior Member
Join Date: Apr 2006
Location: BaronPub.com
Old 01-28-2008 , 14:46   Re: Security Exploit in UAIO Binary
#6

Finally found? Awesome awesome.

Good job.
__________________
I am not a number. I am Gordon Freeman!
Roach
Writes love letters to sawce Daily
Join Date: Jul 2006
Location: Internet
Old 01-28-2008 , 15:37   Re: Security Exploit in UAIO Binary
#7

Quote:
Originally Posted by sawce View Post
Hey roach, remember that time when you were all "hey its your fault fix it" and I was all like "liar" and you were all like "nuh uh fix it" and I was all like "no you fix it".

Yeah. Good times.
And remember the time you were like, "It's your birthday?" and I was all like, "Yeah!" and you were like, "I'll send you money for a beer!" and you never did?

Yeah, bad times there.
PM
hello, i am pm
Join Date: Jan 2004
Location: Canalization
Old 01-28-2008 , 16:19   Re: Security Exploit in UAIO Binary
#8

Congrats!

I would never have thought that this would happen, and not at all that xeroblood would do it :-O
__________________
hello, i am pm
[kirk]./musick`
Senior Member
Join Date: Jun 2007
Location: Tampa, Florida
Old 01-28-2008 , 17:28   Re: Security Exploit in UAIO Binary
#9

Wow, thanks a lot for the information! Very interesting.
__________________
IdiotSavant
Senior Member
Join Date: Apr 2006
Old 01-28-2008 , 17:41   Re: Security Exploit in UAIO Binary
#10

Would there be any way to check his other plugins? I use the rs_swearfilter written by xeroblood and I love the way it works. Can you set up a test for this file as well?
__________________
IdiotSavant
"Make something idiot proof and they just build a better Idiot."

Like GunGame? Visit www.gungame.org today!
Earn Admin just by playing at GunGame.Org Servers!

Come visit our GunGame.Org server at 174.34.146.107:27015