On 10/8/08, Latif Khalifa <[EMAIL PROTECTED]> wrote: > On Tue, Oct 7, 2008 at 11:18 PM, Henri Beauchamp <[EMAIL PROTECTED]> wrote: >> On Tue, 7 Oct 2008 12:22:56 -0500, Soft wrote: >> >>> On Tue, Oct 7, 2008 at 11:35 AM, Henri Beauchamp <[EMAIL PROTECTED]> wrote: >>> > .../... >>> > Yet the sources and patches will not be published before LL publishes >>> > their own sources. >>> >>> Thank you, Henri. It's okay to publish now. >>> >>> http://svn.secondlife.com/trac/linden/changeset/1283 >> >> Ok, links to sources and patch published. The patch for v1.19.0.5 might >> be of interest to others, so here is the direct link: >> http://sldev.free.fr/patches/11905/slviewer-0-v11905-FileAccessSecurity.patch.bz2 > > Has support UDPBlackListed flag from message template been added to > that patch set? Its very important to include it too. I guess the > patch is: > > http://svn.secondlife.com/trac/linden/changeset/1202
Hi, Yep, that's important - it looks like the patch relevant to this exploit. I think I actually spotted this issue myself a year or so ago, but it looks like for some reason I never actually got around to reporting it; probably because I didn't have the ability to fake source addresses and therefore couldn't test it properly. (As soon as the exploit was described, I guessed this was it.) Whoops - sorry about that. Aidan. _______________________________________________ Policies and (un)subscribe information available here: http://wiki.secondlife.com/wiki/SLDev Please read the policies before posting to keep unmoderated posting privileges
