How secure is MCServer?
#1
With the recent OpenSSL vulnerability arising out of a failure to verify a length, I wonder, how secure is MCS?

Do we have any similar vulnerabilities that will allow someone to change their permissions? Modify webadmin settings? Explode the server? Explode the actual server? Explode the datacentre? Explode the country of the datacentre?

Has anyone ever used this emoticon? Angry
#2
I'm afraid we have way too many of such vulnerabilities, but I highly doubt any of them would do much more than crash the server. Most of the protocol stuff is really brittle; it just assumes that the client is sending the correct data with reasonably-limited sizes.
#3
What about Heartbleed, MC edition?

[Image: Heartbleed_Nightmare.jpg]
#4
[Image: f7877e57_faceWUT.jpeg]
#5
If you are concerned about Heartbleed-style bugs, log into Coverity. They have developed a checker for Heartbleed-style bugs in the aftermath so other projects can check for them. We currently have 7 outstanding places where we do exactly what went wrong in Heartbleed.

If you want to fix them Wink
#6
(06-13-2014, 05:13 AM)worktycho Wrote: If you want to fix them Wink

feature not bug

In all seriousness, where is this checker?
#7
The checker is called tainted scalar. The bug categories are untrusted value in loop bound and untrusted value as argument.
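The pattern discussed in this thread (a client-supplied size used without checking it against what was actually received), shown beside a checked form. This is an added example, not MCServer code and not from any poster; the wire format, `MAX_PAYLOAD` and both function names are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical wire format (an assumption, not MCServer's real protocol):
//   [u16 big-endian length N][N payload bytes]
static const size_t MAX_PAYLOAD = 256;  // assumed protocol limit

// The flagged pattern: N is read from client data and used as a copy size
// without being compared to the number of bytes actually received.
std::string ReadStringUnchecked(const uint8_t * a_Data, size_t a_Size)
{
    (void)a_Size;  // never consulted, which is the defect
    size_t n = (static_cast<size_t>(a_Data[0]) << 8) | a_Data[1];
    return std::string(reinterpret_cast<const char *>(a_Data + 2), n);
}

// Hardened form: every use of N is preceded by a bound check against both
// the protocol limit and the received size. a_Out is untouched on failure.
bool ReadStringChecked(const uint8_t * a_Data, size_t a_Size, std::string & a_Out)
{
    if (a_Size < 2)
    {
        return false;  // length prefix itself is incomplete
    }
    size_t n = (static_cast<size_t>(a_Data[0]) << 8) | a_Data[1];
    if ((n > MAX_PAYLOAD) || (n > a_Size - 2))
    {
        return false;  // over the protocol limit, or more than was received
    }
    a_Out.assign(reinterpret_cast<const char *>(a_Data + 2), n);
    return true;
}

int main()
{
    // Constructed packets: one honest, one claiming 65535 bytes but carrying 1.
    const uint8_t honest[] = {0x00, 0x03, 'a', 'b', 'c'};
    const uint8_t lying[]  = {0xFF, 0xFF, 'a'};
    std::string out;
    std::cout << ReadStringChecked(honest, sizeof(honest), out) << " " << out << "\n";
    std::cout << ReadStringChecked(lying, sizeof(lying), out) << "\n";
    return 0;
}
```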
#8
Useful information, thanks everyone.

Perhaps there should be a "known vulnerabilities" article somewhere.
#9
These are not known vulnerabilities. They're known potential vulnerabilities. They don't become known vulnerabilities until someone works out how to exploit them.
#10
Call them what you want, "Potential vulnerabilities" is also fine to me.

"They don't become known vulnerabilities until someone works out how to exploit them."

That's just plain terminology. Firefox lists your definition of "potential vulnerabilities" as "known vulnerabilities".
Check this out: https://www.mozilla.org/security/known-v...refox.html
Most -and maybe all- of these don't have a ready-to-use exploit, yet they're "known".

Like I said, I don't mind what you call them.