ViRGE
03-23-2005, 11:49 PM
For those of you not on the T:V server op mailing list (http://lists.matureasskickers.ne t/mailman/listinfo/tvservers), an exploit in T:V(or more appropriately, the GameSpy CD-key module) was finally uncovered a week or so ago (http://lists.matureasskickers.ne t/pipermail/tvservers/2005-March/000301.html) that allows malicious users to crash T:V servers. With the cancellation of the official patch, it's now become worth mentioning that security researcher Luigi Auriemma has released a patching utility for games with this vulnerability (http://aluigi.altervista.org/patches/gshboomfix.zip)(including T:V of course) which modifies your Engine.dll file to harden it against this attack. If you're currently running a server(either with a retail copy or dedicated server) and you have been encountering odd crashes or are concerned about them, you are encouraged to apply this patch.
All the usual disclaimers for a user-made patch apply, so it's not supported by VU or anyone else for that matter, it doesn't fix any other of the numerous exploits out there, and your mileage may otherwise vary, but this should help you keep your servers from being an easy target. The full text of the vulnerability for anyone interested can be found here (http://aluigi.altervista.org/adv/gshboom-adv.txt).
All the usual disclaimers for a user-made patch apply, so it's not supported by VU or anyone else for that matter, it doesn't fix any other of the numerous exploits out there, and your mileage may otherwise vary, but this should help you keep your servers from being an easy target. The full text of the vulnerability for anyone interested can be found here (http://aluigi.altervista.org/adv/gshboom-adv.txt).