Author Topic: 2015/07/01 - Blockland r1966 (Read 115159 times)

Badspot · July 01, 2015, 07:59:01 PM

r1966

Fixed issue where you could travel through a teledoor before it is removed by the build trust check
Fixed vehicles not burning (both client and server will have to be running r1966)
Fixed certain timescale/framerate combinations causing the game to freeze
Fixed coverage issue on ModTer 8x CornerA brick
Fixed crash when player type has no animations
You can no longer execute files named "Support_AdminEvents.cs" - this user created script was used in several other add-ons and contained an eval injection vulnerability which would allow an attacker to execute arbitrary script code on the server. Note: this was not a malicious script, it was simply poorly coded and could be exploited to attack the server.

These add-ons are known to have contained the vulnerable script:
- Server_ServerMusic
- Support_Rendermen
If you hosted a server with using these add-ons, you should change admin password (if you use one). You may also want to check over your Blockland files as an attacker could have modified them. I am not sure if any persistent attack was deployed, but you could search your Blockland folder for .cs files, sort by modified date, and check over the latest ones to be sure.

r1967

Vulnerable Support_AdminEvents.cs script now blocked by CRC instead of filename

Ad Bot · Advertisement

Aidan10 · July 01, 2015, 08:00:31 PM

Thank's badspot.

Headcrab Zombie · July 01, 2015, 08:00:34 PM

Quote from: Badspot on July 01, 2015, 07:59:01 PM

You can no longer execute files named "Support_AdminEvents.cs" - this user created script was used in several other add-ons and contained an eval injection vulnerability which would allow an attacker to execute arbitrary script code on the server. Note: this was not a malicious script, it was simply poorly coded and could be exploited to attack the server.

This was originally made by me, and is a perfectly legitimate script; the version contained in my add-ons does not contain this vulnerability

Can you CRC block the bad one? If not, you've fixed one problem but caused another: ACTUALLY IM GOING TO SNIP THAT BEFORE PEOPLE GET MORE IDEAS and PM it to Badspot instead

More info here: http://forum.blockland.us/index.php?topic=281466.msg8429720

Renekar · July 01, 2015, 08:03:02 PM

coolio

PurpleMetro · July 01, 2015, 08:06:06 PM

Sweet, thanks.

Eden · July 01, 2015, 08:12:29 PM

Nice.

MrLoL² · July 01, 2015, 08:12:53 PM

Awesome, thanks

Badspot · July 01, 2015, 08:18:48 PM

Quote from: Headcrab Zombie on July 01, 2015, 08:00:34 PM

Can you CRC block the bad one?

Working on it.

Headcrab Zombie · July 01, 2015, 08:20:08 PM

Awesome, thanks

startacker · July 01, 2015, 08:32:48 PM

Turns out I had both add-ons with vulnerabilities, thanks badspot

Starkiller · July 01, 2015, 08:54:35 PM

thanks

Czar · July 01, 2015, 08:54:53 PM

Night_Hawk · July 01, 2015, 09:01:01 PM

We've been saved!

Epicduke · July 01, 2015, 09:03:34 PM

Thanks badspot

Kirze · July 01, 2015, 09:04:27 PM

Holy stuff an update

What year is it again?