R4P3 TeamSpeak Server Crash [ till 3.0.12.4-Beta 1 ]

[Supervisor]

Now a little bit of storry first:
We contacted TeamSpeak on 2/March that we did find a new vulnerability in TeamSpeak Server 3.0.12.2. Since they released 3.0.12.3 today, they might think they're secure. Well, as you can see below... they are really not.
We will release the exploit in about one week if TeamSpeak doesnt reply to our Email. (Only reply, not fixing anyting). Seems fair to me.

So here you've got the PoC video for version 3.0.12.3, released today (4/March/2016). The video only shows 3.0.12.3, but it also works for all versions below 3.0.12.3

Credits go to: @Kaptan647 @Derp @ehthe @Asphyxia @Supervisor


/Update: TeamSpeak did reply to us, so we might not release the exploit in one week. We'll see.

/Update2:

The priority of security for TeamSpeak software has been addressed with the utmost importance and has now been recegnized by TeamSpeak and the R4P3 staff. As the R4P3 staff we feel it's in the best interest for the security of teamspeak software to not publicly disclose the informations as of right now.

 

[kingston]

Not again

 

[0x0539]

That moment when you think they fixed it before you guys released it... Just kiddin'.

 

[Laszl0w]

Nice job,well done Supervisor

 

[xuso15]

Awesome supervisor =)

 

[xPRoTeiNN]

Soo as we expected

edit: what is the name of song ?

 

[dino94]

The Gods from R4P3

 

[0x0539]

Soo as we expected

edit: what is the name of song ?

Watch the video.

 

[applestar]

Nice crash , will be waiting crash and fix . R4p3.net forever !

 

[dino94]

How can get this crash ?

We will release the exploit in about one week if TeamSpeak doesnt reply to our Email. (Only reply, not fixing anyting). Seems fair to me.

 

[Anonims]

The Goods from R4P3 $$$

 

[Bluscream]

You should release the mail from Teamspeak!

 

[sedommm]

may you patch 0.3 server ?

 

[EscuderoKevin]

We wait Crash and fix Thanks Supervisor ♥ WP.

 

[mgrm47]

wow gj R4P3 <3

 

[lolopolo18]

wow your team is so nice

 

[swarmdeco]

Good job! and thank you for [1]. It's a shame that TS3 does not take their security seriously, it's the main choice of a lot of Gamers and communities.

- Swarm!

[1] https://en.wikipedia.org/wiki/Responsible_disclosure

 

[Bluscream]

Before:

After:

 

[Bluscream]

=== Server Release 3.0.12.3 4 march 2016
- fixed an other server crashes on malicious input

=== Server Release 3.0.12.2 15 feb 2016
- fixed more server crashes on malicious input
- reduced memory use

=== Server Release 3.0.12.1 9 feb 2016
- fix 2 server crashes on malicious input
- fixed file stat bugs on windows xp
- fixed logview command returning utf8 byte order mark

=== Server Release 3.0.12 26 jan 2016
+ added "virtualserver_min_android_version" and "virtualserver_min_ios_version" to specifically
set the minimal allowed client versions for android and ios on the server.
+ added "-mapping" to the serversnapshotdeploy command. This optional parameters will add a mapping
of the old and new channelid's in the return
+ Grouped several SQL queries together into one statement which improves performance
- fixed clientdbfind command returning false entries
- fixed some hangs after heavy network io on linux/freebsd/osx
- fixed issue with clientinfo command
- fixed crash when (automatically) deleting a channel
- fixed tsdnsserver libc++ issue on Linux
* The server will now print a warning if the locale is set to "C"
* Replaced Server query manual pdf file with a html version
* Unsigned variables (client/server/instance etc) now only accept positive values and -1 (synonym
for maximum value). Other negative values result in conversion error.
* Serverquery manual fixes
* Made a small change to the way the server handles the initialization protocol
! Removed "virtualserver_max_upload_total_bandwidth" and
"virtualserver_max_download_total_bandwidth" from the server template if the value was "-1"
! The server binaries file names now do NOT have the platform suffixes any more. They are all
called "ts3server"
! The OSX version is now 64 bit only. OSX 10.7 is now the minimum supported version.
! Some SQL queries changed or added. If you use custom SQL queries, please take note of this.
! The minimum supported FreeBSD version for the server is 10.1 from now on. Release 3.0.13 (next)
will need a libc++ from ports/pkg or FreeBSD 10.2.

Last 4 updates are R4P3 related hahaha DD

 

[0x0539]

Last 4 updates are R4P3 related hahaha DD

The fifth will be too lol.