This topic is now archived and is closed to further replies.

osm0sis

Another 1.6.1 exploit?

From a notable private tracker, ~4 days ago:

"1.6.1 was banned because ... we recently discovered a remotely (P2P) exploitable hole in it. The info on this exploit has been passed on to the developer, and we will not publish any further details on it."

Is this legit? If so, does this exploit affect the 1.8 code tree or just put the final nails in the coffins of 1.6.1 zealots?

There are already standing exploits (probably previous to this one, but this could be already fixed) in 1.6.1 that have been fixed in current trees that will NOT be backported to 1.6.1.

Regardless, 1.6.1 is less safe than 1.7.7 or the current 1.8.x development tree.

Well I know that, but some sites are still holding out on 1.6.1 (with some more tinfoiled ones going so far as to ONLY allow it) so if there are any show-stoppers maybe a bit of publicity is in order?

I don't think they should publicize things they fixed.. that's bad mojo.

The developers and staff know what HAS been patched, and if others have POCs in the wild exploiting this I don't think they'd stop the publicity here. Take for instance the 1.7.6 and 1.7.7 holes... the tester was kind enough to report the first bugs on the forum before being asked to report additional security vulnerabilities to the devs directly ;)

Keep in mind 1.6.1 is old OLD now. Even the old stable 1.7.5 has been phased out on 90% of the swarms I frequent. I'm happy knowing that as people use their grey matter they understand and conclude nothing negative has changed in the client over the last two development cycles and they eventually come to the conclusion newer is better for uT :D

As you say the ones holding back are tinfoil-hat wearers... and don't deserve any notoriety except being seen as such.

They choose to outlaw a more secure and, more importantly, SUPPORTED version of uT. As it is, any users requesting official help are either told to upgrade or to go to the site they got the old version of uT from for support. I can only imagine the extra load this places on the site's resources. Of course another possibility exists.. the trackers' admin(s) may just not like uT.
