[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Re: Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games
From: houkouonchi@xxxxxxxxxxxxxx
Date: Wed, 7 Jul 2010 08:48:46 -0600

Have you tried some of the patches listed on this page?

http://aluigi.altervista.org/patches.htm#quake3

Maybe specifically?

http://aluigi.altervista.org/patches/q3rconz.lpatch
Quake 3  engine RCON half-second limit disabler (Windows and Linux) 0.1.2b
(q3rconz)
this patch disables the anti-bruteforcing check in the games that  use the 
Quake 3 engine for avoiding the Denial of Service (admins can't  use RCON) 
caused by the flooding of rcon packets (more info in the  file)
anyway remember that disabling this limitation naturally has  other negative 
sides effects like faster rcon brute forcing, so remember  to choose a strong 
rcon password

The other option is to ban players by iptables firewalling. I have a 
web-interface that does this as I was limited by the number of IPs that were 
able to be banned on a q3 engine based game (like 32).

Prev by Date: DeepSec 2010 - Call for Papers - REMINDER
Next by Date: DCP-Portal Multiple XSS Vulnerabilities
Previous by thread: Re: Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games
Next by thread: Xlight FTPd Multiple Directory Traversal in SFTP
Index(es):
- Date
- Thread