Aller au contenu
Rechercher dans
  • Plus d’options…
Rechercher les résultats qui contiennent…
Rechercher les résultats dans…

FiveM Security Advisory - 2019-01-02

Messages recommandés


@plumbum wrote:

A vulnerability in the FiveM FXServer remote console code could allow an unauthenticated remote attacker to cause a C++ exception, resulting in a denial of service (DoS) condition.

This vulnerability is caused by an oversight in network packet parsing, and can be triggered by sending specially crafted UDP packets to any FiveM game server.

We have addressed this vulnerability in server releases starting at build 957 for Windows, however the corresponding Linux build is non-functional due to an unrelated bug - we’re working on a hotfix release in the feature/one-off-server-hotfix branch, and this post will be updated when it is available. You can tell what version you’re running by either:

  • Accessing https://host:port/info.json and checking the server field.
  • Running the version command in the server (remote) console.

Attackers are currently using this vulnerability in the wild, so it is practically required to upgrade your server instances to this version or higher (if available).

As a mitigation for Linux, if you do not rely on remote console commands, you can use the following iptables command to block input remote console packets:

iptables -A INPUT -m string --algo bm --hex-string "|ffffffff72636f6e|" -j DROP

CVSS score: 7.5 (High)

Posts: 4

Participants: 4

Read full topic

Afficher l’article complet

Partager ce message

Lien à poster
Partager sur d’autres sites
Ce sujet ne peut plus recevoir de nouvelles réponses.

  • Créer...

Information importante

En utilisant ce site, vous acceptez les présents règlements Conditions d’utilisation, Politique de confidentialité,Règles.