0.3.8 Security Issue

[Misomir]

It mustn't be RAT,it could be ANYTHING,!!

[SlowARG]

Quote:

Originally Posted by maksicnm

ITS A REASON CUZ THERE IS NO LINUX VERSION OMFG -_-

0.3.8 will certainly not be for a longer period of time on Linux because it is possible to insert a RAT virus into a file and destroy someone who enters the server, so the current version of Windows is currently running and who can run over it server players can enter that server if they believe in it server, the update is well done, I have been planning to let this be among many others in order to improve the launcher for models, it would be nice if this would be released to the end, along with all the vehicles and other things (antique type and so )

Quoted from Balcan forum.

Aren't you serius, really?

[maksicnm]

Learn programing, thx

[MyU]

Calm it down.
IF then you're only able to drop non-dff files, SA-MP itself doesn't treat it as a executable.

Like I said the only apparent way would be some sort of exploit in the file format itself to execute arbitrary code like we had on the TD system back then.

[cuber]

Scared to death, omg what me gon do

[Misomir]

Hmm...maybe ur right...But still i wanna test it

[SlowARG]

Quote:

Originally Posted by ******

Therefore certain checks could possibly be skipped, because it was known that all the objects were always valid. Without those checks in place, a well crafted model could MAYBE inject code.

I remember a bug in MTA custom models parser.
However, all .txd and .dff files are renamed when downloaded, so isn't a problem at all. Maybe RCE could exists.

Quote:

Originally Posted by maksicnm

Learn programing, thx

Oh man, really? Stop saying st**ids things please.

[cuber]

Quote:

Originally Posted by Misomir

Hmm...maybe ur right...But still i wanna test it

What's up with this now, since ****** replied.

Quote:

Originally Posted by maksicnm

Learn programing, thx

[Misomir]

I still believe in MY theory cuz i think SAMP is opening em comlete but maybe it isnt.

[SlowARG]

Quote:

Originally Posted by ******

A bug in a parser is not the same thing as just executing an EXE wholesale. I've even heard of bugs in the parser for reading .DOC files in Word - that doesn't make them EXEs, and trying to open an EXE in word won't execute it.

Just read. I'm not saying this, i agree with you in all of my comments...

I said that i remember a bug in the parser that leads to RCE.

Regards.