Author Topic: 2015/07/01 - Blockland r1966  (Read 55696 times)

Badspot

  • Administrator
r1966

  • Fixed issue where you could travel through a teledoor before it is removed by the build trust check
  • Fixed vehicles not burning (both client and server will have to be running r1966)
  • Fixed certain timescale/framerate combinations causing the game to freeze
  • Fixed coverage issue on ModTer 8x CornerA brick
  • Fixed crash when player type has no animations
  • You can no longer execute files named "Support_AdminEvents.cs" - this user created script was used in several other add-ons and contained an eval injection vulnerability which would allow an attacker to execute arbitrary script code on the server.  Note: this was not a malicious script, it was simply poorly coded and could be exploited to attack the server.

    These add-ons are known to have contained the vulnerable script:
    • Server_ServerMusic
    • Support_Rendermen

    If you hosted a server with using these add-ons, you should change admin password (if you use one).  You may also want to check over your Blockland files as an attacker could have modified them.  I am not sure if any persistent attack was deployed, but you could search your Blockland folder for .cs files, sort by modified date, and check over the latest ones to be sure.  

r1967

  • Vulnerable Support_AdminEvents.cs script now blocked by CRC instead of filename
« Last Edit: July 01, 2015, 07:37:38 PM by Badspot »


  • You can no longer execute files named "Support_AdminEvents.cs" - this user created script was used in several other add-ons and contained an eval injection vulnerability which would allow an attacker to execute arbitrary script code on the server.  Note: this was not a malicious script, it was simply poorly coded and could be exploited to attack the server.
This was originally made by me, and is a perfectly legitimate script; the version contained in my add-ons does not contain this vulnerability

Can you CRC block the bad one? If not, you've fixed one problem but caused another: ACTUALLY IM GOING TO SNIP THAT BEFORE PEOPLE GET MORE IDEAS and PM it to Badspot instead

More info here: http://forum.blockland.us/index.php?topic=281466.msg8429720
« Last Edit: July 01, 2015, 07:12:13 PM by Headcrab Zombie »





Badspot

  • Administrator


Turns out I had both add-ons with vulnerabilities, thanks badspot





Holy stuff an update

What year is it again?