Security vulnerabilities in Armagetron Advanced 0.2.8

All 0.2.8 beta and release candidate versions of Armagetron Advanced and 0.2.8.0 itself are vulnerable to file path related attacks. Versions 0.2.7.1 and earlier lack the features that introduce the vulnerability and are safe.

There are two attack scenarios. In the first, a malicious server administrator can use a forged MAP_FILE path to write files to arbitrary locations on connecting clients, as long as no file already exists at that location. This has been fixed in version 0.2.8.0. In the second scenario, a malicious remote server administrator can read partial content of every file the server process has access to; whole private ssh and gpg keys can be read this way. This vulnerability has been closed in 0.2.8.1.
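The first scenario is a path-confinement failure: the client trusts a server-supplied MAP_FILE value when deciding where to write. As an added illustration, not Armagetron's own code or its actual fix, here is a lexical check a C++ client could apply before creating a file under its resource directory; the accepted character set and the `.aamap.xml` suffix are assumptions for this example.

```cpp
#include <cctype>
#include <string>

// Added example, not Armagetron's own code. A server is untrusted, so a
// MAP_FILE value is accepted only if it is a plain relative path whose
// every component is made of safe characters. Character set and suffix
// are assumptions for this illustration.
static bool SafeComponent(const std::string& part) {
    if (part.empty() || part == "." || part == "..") return false;
    for (unsigned char c : part) {
        if (!(std::isalnum(c) || c == '_' || c == '-' || c == '.')) return false;
    }
    return true;
}

bool IsSafeMapPath(const std::string& mapFile) {
    // Reject absolute paths, Windows drive letters and backslashes outright.
    if (mapFile.empty() || mapFile[0] == '/') return false;
    if (mapFile.find('\\') != std::string::npos) return false;
    if (mapFile.size() >= 2 && std::isalpha(static_cast<unsigned char>(mapFile[0]))
        && mapFile[1] == ':') return false;
    // Split on '/' and validate each component, rejecting "..", ".", and
    // empty components (which would come from "//" or a trailing '/').
    std::string part;
    for (char c : mapFile) {
        if (c == '/') {
            if (!SafeComponent(part)) return false;
            part.clear();
        } else {
            part += c;
        }
    }
    if (!SafeComponent(part)) return false;
    // Only map resources may be written; anything else is refused.
    const std::string suffix = ".aamap.xml";
    return part.size() > suffix.size()
        && part.compare(part.size() - suffix.size(), suffix.size(), suffix) == 0;
}
```

A client that also canonicalises the final path and confirms it still starts with the resource directory gets defence in depth against encodings this lexical check does not anticipate.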

All users of version 0.2.8 should upgrade to 0.2.8.1.

No workaround is known for the first attack. A workaround for the second attack is to disable the remote admin interface by setting ADMIN_PASS to NONE. This is the default setting.

In related news, Armagetron Advanced version 0.2.8, codename Artemis, is out! It introduces arenas of arbitrary shape, more than four driving directions for the cycles and the fortress game mode. Performance has been improved, tons of bugs have been fixed and the gameplay is more configurable than ever. The current release is 0.2.8.1; get it from our download page at http://www.armagetronad.net/downloads.php.

Posted by Manuel Moos 2013-04-06