Backdoor in Quake?

Post by jim » Wed Apr 02, 2008 10:56 pm

Check this: http://insecure.org/sploits/quake.backdoor.html

Is this true? Has it been fixed in some new engines? Has anyone ever exploited it?
zbang!

Post by Spike » Thu Apr 03, 2008 1:17 am

This vulnerability is present in Quake 1, QuakeWorld,
Quake 2, Quake 2 Linux and Quake 2 Solaris, all versions.


Quake 1 (if distinct from QuakeWorld) does not support rcon. Thus this exploit cannot possibly work on quake 1 (aka. netquake).


No such backdoor is present in any of the officially released source code. No (legal) custom/gpled engines contain this backdoor.

I have never really investigated whether id's builds contain this backdoor or not. Nor do I feel it to be relevant (except for ID's reputation). ID's quakeworld servers are fairly bug-ridden and lack most of the features taken for granted. Go count how many QuakeWorld 2.33 servers there are. There are many ways to get them to collapse using 'corrupt' packets too. Use a custom engine regardless of whether id builds have backdoors - with the client open source, it's trivial to write exploit code for 'minor-but-fatal' bugs.

ID's Quake2 servers are more common than ID's QuakeWorld servers, but due to the hideous gamecode api bugs, you'll find few ID-built quake2 servers around too.

Present or not, gpled engines are safest if you care about the security of your server - they have more bug fixes and no backdoors that I'm aware of, and even less if you compile it from source yourself.

Post by FrikaC » Thu Apr 03, 2008 3:20 am

Deja Vu

Edit: Now that I think about it, it's really weird that he includes a program to show that it does work, presumably he tried the program. I mean if you're just going to fling false accusations you wouldn't want to waste this much time. Maybe it DID work on version XYZ and he failed to try it out on all versions for three completely different games as he claimed, instead assuming they were all the same under the hood. It would be cool to narrow down what version actually has this backdoor so people would stop worrying about it.

Also the RepSec company he worked for seems to have disappeared off the internet entirely and their domain cybersquatted. Perhaps releasing fake/misleading security reports made them implode.

Post by Spirit » Thu Apr 03, 2008 8:04 am

One thing that might be worth investigating/fixing is the happiness of many engines to crash with buffer overflows when loading something they don't like (like really heavy maps). I am not that much into security things but afaik buffer overflows are an easy target for inserting evil code.
Improve Quaddicted, send me a pull request: https://github.com/SpiritQuaddicted/Quaddicted-reviews