Security Exploit Fix to Implement in Metamod

  • PulsateX

    PulsateX - 2005-03-13

    I hope you guys can update metamod to compensate for the same fix in Natural Selection.

    • Florian Zschocke

      I'm sorry, I don't understand what you mean. Could you please elaborate some?

    • PulsateX

      PulsateX - 2005-03-13

      With the recent final release of Natural Selection v3, there is a server side exploit.
      This is fixed by the release of v3.01.
      But when using Metamod instead of the NS dll (this was the updated item), the exploit is still exposed when using Metamod.

    • Florian Zschocke

      I'm sorry, but I am unable to assess the problem here. I understand that NS has released 3.0 and 3.01 as a patch. Checking the server files I see that it uses the 'ns' game directory again. The dll name has not changed. As such I don't see that 3.0 should behave any different under Metamod than 3.01.

      If the exploit was somehow triggered by Metamod, which I doubt since they acknowledged and fixed it independantly, then I can't do anything about it without detailed information about the exploit and it's conjunction with Metamod from the NS developers.

      Please make sure that your installation loads the correct NS dll file through Metamod, e.g. by checking the Mod version in the logs if that is provided. If you see the exploit still working even when v3.01 gets loaded by Metamod, please provide me with detailed information on how to reproduce and exploit it. You may do so by emailing me directly instead of posting it to this thread.


    • Jussi Kivilinna

      Jussi Kivilinna - 2005-04-21

      He came to Metamod-P forums asking same thing. Obviously he thinks that ns.dll is not used when metamod.dll is loaded.

      So he is asking: metamod server loads metamod.dll instead of ns.dll, so when ns.dll updated, servers using metamod.dll remain broken, right?


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks