Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 169563 - games-fps/enemy-territory: security update for Enemy Territory?
Summary: games-fps/enemy-territory: security update for Enemy Territory?
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B? [upstream+]
Keywords:
Depends on:
Blocks:
 
Reported: 2007-03-06 02:31 UTC by Thomas Sachau
Modified: 2016-02-20 06:01 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Sachau gentoo-dev 2007-03-06 02:31:15 UTC
I found this [1] information about a security problem in ET server and a bugfix for this problem. Perhaps someone can review it and add it to the ET ebuild if the info is right?

[1] = http://www.punksbusted.com/forums/index.php?showtopic=33939

Reproducible: Always
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2007-03-06 14:20:21 UTC
games, please have a look
Comment 2 Chris Gianelloni (RETIRED) gentoo-dev 2007-03-07 04:16:14 UTC
Any way you can post the details so I don't have to register for that forum?
Comment 3 Thomas Sachau gentoo-dev 2007-03-07 18:07:02 UTC
Sorry, i did not see that you are not allowed to watch that thread. The main info should be in [1]. [2] is called a fix for the etpro mod only.

[1] = http://www.punksbusted.com/omnix/et260b_serverfix.tar.gz
[2] = http://www.punksbusted.com/omnix/wsfix.lua
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-03-09 21:32:05 UTC
that's not very clear

can you provide a diff or something or copy/paste the relevant lines from the forum? Is the issue fixed upstream ?


Please note that there is still bug 135645 not fixed yet.
Comment 5 Stefan Cornelius (RETIRED) gentoo-dev 2007-03-09 21:47:44 UTC
after having a short look while being drunk, this looks like a 3rd party hack (of a gentoo user - cheers!) to prevent exploitation. this may work very well, but requires someone to check this in depth, probably involving time consuming binary analysis etc. also, there may be some license issues (but given the large modding community, this is not very likely).
Comment 6 Thomas Sachau gentoo-dev 2007-03-10 01:20:43 UTC
The mentioned bug is client side. This is serverside only. This [1] is the only information i got for this patch at the forum.

[1] = http://www.tommyserver.de/et.php
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2007-09-11 11:26:56 UTC
changing product/component

please file security bugs in the Gentoo Security product
Comment 8 Thomas Sachau gentoo-dev 2007-09-23 13:22:34 UTC
etpub-0.8.1 includes a fix for this, so server with actual etpub-mod should not any more be affected.
Comment 9 Chris Gianelloni (RETIRED) gentoo-dev 2007-09-23 20:02:05 UTC
Is there a fix that doesn't require a complete mod?  I haven't found one, but I'd gladly add one to the ebuild if there was one.
Comment 10 Thomas Sachau gentoo-dev 2007-09-23 20:43:44 UTC
I only know the file from [1] in my comment #3, which after compilation has to be preloaded before loading the game itself should prevent the exploits (as written in the included file and stated in [1] from my comment #6).

Btw, ID did release the source code, if that helps anyone.
Comment 11 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2007-11-06 02:18:39 UTC
Hi,

well I can't provide a fix but some more information from etpro-mod forum:

http://bani.anime.net/banimod/forums/viewtopic.php?t=6777

They recommend usage of a lua script to fix this stuff but I don't know if this works with other mods than etpro. 
Of course I'd rather see a fix for enemy-territory itself. Something like a 2.61 patch would be quite handy ;)

Cheers
Comment 12 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-07 10:17:15 UTC
Any news here? Either we include the 3rd party hack, either we p.mask until we have a better solution... games herd?
Comment 13 Chris Gianelloni (RETIRED) gentoo-dev 2008-04-08 22:01:58 UTC
Sorry that this is taking so long.  I've not forgotten about it.  I'm just swamped with 2008.0 stuff.  I see no reason why we cannot simply mask it for the time being.
Comment 14 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 01:56:26 UTC
@games: whatever the security problem was, the website is no longer accessible. Mask it or close the bug WONTFIX. Your call.
Comment 15 Jonas Stein gentoo-dev 2013-12-22 19:18:06 UTC
may be its is a duplicate of https://bugs.gentoo.org/show_bug.cgi?id=82149
Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2016-02-20 06:01:16 UTC
super old bug.  package has already been masked for quite some time