Dira derava aneb Jeste, ze nejsem paran
Petr Nachtmann
petrnach at natur.cuni.cz
Sat Dec 5 04:02:08 CET 1998
Na strance
http://www.insecure.org/sploits_microshit.html
jsem skoro neveril svym ocim:
ID games Backdoor in quake
Description:
ID software blatantly put a backdoor
in Quake 1/2 and QuakeWorld including both the Linux/Solaris Quake2. RCON
commands sent from the subnet 192.246.40.0/24 and containing the password
"tms" are automaticly executed on the server without being
logged.
(...)
Compromise:
root (remote)
Vulnerable Systems:
Those running Quake 1, QuakeWorld, Quake 2,
Quake 2 Linux and Quake 2 Solaris, all versions. Thus many Windows and
UNIX boxes are affected
(...)
Notes:
Quake was always a horrible
security hole, but I never thought Id would stoop to introducing an
intentional backdoor to allow them access to systems running Quake. I am
surprised this didn't get more publicity.
More information about the Smajlik
mailing list