Re: [ALERT!!!] Major back door in AScii PFiles!!!

From: Doppleganger Software (doppsoft@TZC.COM)
Date: 01/28/98

>A major back door has just been found.  It was exploited on my MUD, I
>finally discovered how it was done.
>Using this bug a player can take control of the MUD totally, wipe the imm
>char and replace it with their own version.

>The "solution" to this is to parse descriptions to be written to the
>file, replacing "~" with a blank space.

I saw this before I even installed it.  My solution was a little more
simple.  I set up certain fields (name, password, level) as specified
format.  Then, just sscanf them.  Also, another way is to have it save
desc before EVERYTHING in the save_char().

"One hundred years from now, none of this will matter because you and I
will be dead -- unless the Grim Reaper has switched his record-keeping to
a Windows 95-based system, in which case we all might live forever. "
-- Associated Press

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | |

This archive was generated by hypermail 2b30 : 12/15/00 PST