FiveM Security Advisory - 2019-01-02



@plumbum wrote:

A vulnerability in the FiveM FXServer remote console code could allow an unauthenticated remote attacker to cause a C++ exception, resulting in a denial of service (DoS) condition.

This vulnerability is caused by an oversight in network packet parsing, and can be triggered by sending specially crafted UDP packets to any FiveM game server.

We have addressed this vulnerability in server releases starting at build 957 for Windows; however, the corresponding Linux build is non-functional due to an unrelated bug - we’re working on a hotfix release in the feature/one-off-server-hotfix branch, and this post will be updated when it is available. You can tell what version you’re running by either:

  • Accessing https://host:port/info.json and checking the server field.
  • Running the version command in the server (remote) console.

Attackers are currently using this vulnerability in the wild, so it is practically required to upgrade your server instances to this version or higher (if available).

As a mitigation for Linux, if you do not rely on remote console commands, you can use the following iptables command to block input remote console packets:

iptables -A INPUT -m string --algo bm --hex-string "|ffffffff72636f6e|" -j DROP

CVSS score: 7.5 (High)
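The following is an added example, not part of the advisory or of FiveM's code: before applying the iptables mitigation, an operator can run the same byte match over captured UDP payloads to see who is sending remote console packets and what else the rule would drop. The function names, the admin allowlist and the sample traffic are constructed for illustration, and treating the marker at offset 0 as the position in a genuine remote console packet is an assumption.

```python
from collections import Counter

# Byte pattern from the advisory's iptables rule: ff ff ff ff + ASCII "rcon".
RCON_MARKER = bytes.fromhex("ffffffff72636f6e")


def classify(payload: bytes):
    """Return 'header', 'embedded' or None for one UDP payload.

    'header'   : marker at offset 0 (assumed position in a real rcon packet).
    'embedded' : marker elsewhere; the iptables string match scans the whole
                 packet, so the rule drops these as well.
    """
    pos = payload.find(RCON_MARKER)
    if pos < 0:
        return None
    return "header" if pos == 0 else "embedded"


def rcon_by_source(packets):
    """packets: iterable of (source_ip, udp_payload). Count matches per source."""
    counts = Counter()
    for src, payload in packets:
        kind = classify(payload)
        if kind:
            counts[(src, kind)] += 1
    return counts


def unexpected_sources(packets, admin_ips=frozenset()):
    """Sources sending header-position rcon packets that are not known admins."""
    return sorted({src for (src, kind) in rcon_by_source(packets)
                   if kind == "header" and src not in admin_ips})


# Constructed sample traffic: documentation addresses, placeholder payloads.
SAMPLE = [
    ("198.51.100.7", RCON_MARKER + b" placeholder"),
    ("203.0.113.99", RCON_MARKER + b" placeholder"),
    ("203.0.113.99", RCON_MARKER),
    ("192.0.2.5", b"chat: " + RCON_MARKER),
    ("192.0.2.6", b"ordinary game traffic"),
]

if __name__ == "__main__":
    for (src, kind), n in sorted(rcon_by_source(SAMPLE).items()):
        print(f"{src:15} {kind:8} {n}")
    print("not on admin list:", unexpected_sources(SAMPLE, {"198.51.100.7"}))
```

Any "header" hit from a known admin address means remote console is in use and the DROP rule would break it; "embedded" hits are packets the rule would drop even though they are not remote console commands.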
