Showing results for tags 'exploit'.
Found 2 results
Hey, everyone! I think we're due for some updates as the holidays approach!

New Hub

First up - fitting with the holidays, we've introduced a brand new hub! That's right - not just a modified version of our current hub for the holidays, but a brand new hub. Not only that, but this new hub will continue to be in service after the holidays (with less snow and ice of course). After years of basically the same hub with minor tweaks, and continuously growing hubs, we wanted to take a step back and make a smaller, cozier hub. Along with that, we wanted to echo back to the earlier days of CU with the design - which is why the hub is once more in a biosphere. You old bois might remember that several old CU spawns were located in biospheres. We figure that such a design is fitting for a return to smaller spawns. They were dropped with the introduction of "MegaSpawn" - which was the sort of codename for the large spawn that was a mashup of a bunch of old CU and ND spawns.

If you aren't able to hop on, enjoy a few screenshots of the new hub:

CUAuctions

Here soon, we plan to introduce a custom-coded Auctions plugin for use in Survival and SkyBlock! Auctions are a fun way to sell specific items in a bidding war! Our original plan was to find an already available auctioning plugin, but it seems that most modern auction plugins take an "eBay-like" approach, where you essentially post a listing for an item, rather than the traditional "Player has started an auction! Do /bid to bid!" type of auction. So - we'll be handling that ourselves. We don't have a release date for it set, but expect it to show up before the end of the year (unless things go horribly wrong).

Status of Modded MC and Beta 1.7.3

Both Modded MC as well as Beta 1.7.3 have been neglected pretty heavily for a long time. If you haven't been keeping up on our Discord, you'll no doubt have already heard that we've been working on a new modpack to act as a successor to Brink of Chaos in order to revitalize our Modded MC offering. Brink of Chaos has been a fairly disorganized mess since its inception - in terms of mod list, server features, and even versioning. For those of you who haven't kept up with the changelogs, the versions basically jumped from 1.0.0 to 1.7.0 with absolutely nothing in between. Why is that? No idea. Apparently they were all internal testing builds? You'll have to ask the haloman30 of the past on that one.

With the new modpack (whose name we're keeping secret for now), we plan to refine and redefine Brink of Chaos' goals. The initial release will essentially be an optimized and more streamlined version of what Brink of Chaos offered, acting as a foundation for the future.

Fun fact - we offer a MC Beta 1.7.3 server! You may or may not have known that since we've given it next to no love and care until very recently. Originally the plan was to have it sit untouched as just "a thing that exists", similar to TeamSpeak - and while we aren't gonna be investing quite the same amount of effort into it compared to our other services, we do want to help it have a level of quality.

For instance - the spawn. The previous spawn for Beta 1.7.3 was abysmal. It was trying to sort of emulate the spawn of old CU's Beta 1.7.3 spawn, except it was worse in basically every way. The new spawn actually looks halfway decent - through abandoning the original idea of making things look "from the era". Part of why the old spawn was so plain and boring is because it was built partially with the design styles that people used in the past. Which, while it can yield some good results, this wasn't it chief.

The new spawn is a major overhaul - and with that new spawn, comes a brand new world on a brand new seed. The original seed was just the famous gargamel seed (though not as famous as the likes of Glacier). This new seed is a custom seed, chosen based on a community seed suggestion we did on Discord a little while back. We can't disclose the seed for obvious reasons - can't have people using tools to find goodies offline!

We'll be doing more stuff to Beta 1.7.3 as well, stay tuned for more details on that in the coming weeks/months/however long.

A Note Regarding Minecraft/Server Exploits

Something that was previously neglected from our rules (I could've sworn it was there at some point) but has technically always been a rule is regarding exploits. As a general rule, they are not allowed. If you're using something that utilized a glitch or bug in the behavior of a plugin, Bukkit, or Minecraft itself - you'll receive a warning, jail, or a ban outright depending on the severity.

As an added note, since I've had some people bring up this as a defense, something being possible in vanilla Minecraft has not, and will never be a deciding factor in whether or not something is or isn't allowed. Mind you, on old CU back in 2012, you could get banned on the spot for using a piston glitch to convert stone bricks into mossy, cracked, or chiseled stone bricks (called "circle stone" at the time). I don't plan or want to go that far, but the general sentiment still remains. Don't try and break the game to gain an advantage - you'll have to face the consequences if you do.

Update Notes

Before we close off, I'd like to remind everyone that we have a blog for changelogs for the website, forums, and servers! Anytime we make a change or fix to anything in the community, an entry is posted in our Update Notes blog. Sometimes these things get an announcement, but usually they don't. For example, here's a few of the noteworthy changes you might have missed out on:

Nuclear District Topic Polls - Previously, all topics from the Nuclear District forums that had polls showed a random and irrelevant poll. I went through some local archives I took before ND closed to re-create the poll data by hand and point the old topics towards it. Not all topics got their polls back, but some is better than none, right? Part of an update on 11/9/2019

Award Updates - A handful of awards got their icons and descriptions updated, along with having a lot of members get their awards issued to them. Part of an update on 11/8/2019

/sit and Weather/Time Price Cuts - The prices for weather and time signs in Survival got cut down to $125 instead of $500, and /sit has been added to allow you to sit anywhere! (Chairs still work however) Part of an update on 11/13/2019

Status Updates Block Redesign - A forums plugin has been added to make the Status Updates sidebar block function more closely to how it did back in the IP.Board 3.x days - which is arguably better. Part of an update on 11/9/2019

If you don't want to miss any changes, be sure to hit the follow button on the blog page! You'll get notified any time we publish a changelog. Additionally, those changelogs send a notification to #forums-feed on our Discord server - so you can keep an eye on them there, too.
Hi All,

A security exploit has been identified in the OpenJDK 1.7.0 version. The server uses OpenJDK 1.8 and has already patched the exploit. However, this is also present in Java SE clients. It is highly advised that you update your Java.

FAQ

Are there any crucial differences between Oracle and Open JDK?

Nothing crucial. The OpenJDK project is mostly based on HotSpot source code donated by Sun. Moreover, OpenJDK was selected to be the reference implementation for Java 7, and is maintained by Oracle engineers. There's a more detailed answer to your question here, which links to this blog post:

Q: What is the difference between the source code found in the OpenJDK repository, and the code you use to build the Oracle JDK?

A: It is very close - our build process for Oracle JDK releases builds on OpenJDK 7 by adding just a couple of pieces, like the deployment code, which includes Oracle's implementation of the Java Plugin and Java WebStart, as well as some closed source third party components like a graphics rasterizer, some open source third party components, like Rhino, and a few bits and pieces here and there, like additional documentation or third party fonts. Moving forward, our intent is to open source all pieces of the Oracle JDK except those that we consider commercial features such as JRockit Mission Control (not yet available in Oracle JDK), and replace encumbered third party components with open source alternatives to achieve closer parity between the code bases.

I don't get it. If they are similar, then why two?

Technical differences are a consequence of the goal of each one (OpenJDK is meant to be the reference implementation, open to the community, while Oracle is meant to be a commercial one). They both have "almost" the same code of the classes in the Java API; but the code for the virtual machine itself is actually different, and when it comes to libraries, OpenJDK tends to use open libraries while Oracle tends to use closed ones; for instance, the font library.

Is the Server Affected?

The Server was not affected by this exploit as the server uses OpenJDK 1.8 which had this fixed.

Updated java-1.7.0-openjdk packages fix security vulnerabilities

Publication date: 15 Apr 2015
Type: security
Affected Mageia releases: 4
CVE: CVE-2005-1080, CVE-2015-0460, CVE-2015-0469, CVE-2015-0477, CVE-2015-0478, CVE-2015-0480, CVE-2015-0488

Description

Updated java-1.7.0 packages fix security vulnerabilities:

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox restrictions (CVE-2015-0469).

A flaw was found in the way the Hotspot component in OpenJDK handled phantom references. An untrusted Java application or applet could use this flaw to corrupt the Java Virtual Machine memory and, possibly, execute arbitrary code, bypassing Java sandbox restrictions (CVE-2015-0460).

A flaw was found in the way the JSSE component in OpenJDK parsed X.509 certificate options. A specially crafted certificate could cause JSSE to raise an exception, possibly causing an application using JSSE to exit unexpectedly (CVE-2015-0488).

A flaw was discovered in the Beans component in OpenJDK. An untrusted Java application or applet could use this flaw to bypass certain Java sandbox restrictions (CVE-2015-0477).

A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted (CVE-2005-1080, CVE-2015-0480).

It was found that the RSA implementation in the JCE component in OpenJDK did not follow recommended practices for implementing RSA signatures (CVE-2015-0478).

References

https://bugs.mageia.org/show_bug.cgi?id=15706
http://blog.fuseyism.com/index.php/2015/04/15/security-icedtea-2-5-5-for-openjdk-7-released/
http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
https://rhn.redhat.com/errata/RHSA-2015-0806.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1080
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488

I am glad that I used the Beta Version of Mageia that has updated dependencies and took the extra downtime. This would have been a nightmare to take care of. Looks like the downtime actually benefited us for once.
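An added example, not part of the original post or the Mageia advisory: one way to audit a JAR's entry names before extracting it, which is the check the jar directory traversal flaw described above (CVE-2005-1080, CVE-2015-0480) calls for. The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

# Constructed entry names: three ordinary ones and three that leave the target directory.
SAMPLE_NAMES = [
    "META-INF/MANIFEST.MF",
    "com/example/App.class",
    "com/../README.txt",        # stays inside after normalisation
    "../../outside.txt",        # climbs above the extraction root
    "docs/../../escape.txt",    # climbs above the root only after normalisation
    "/tmp/absolute.txt",        # absolute path ignores the extraction root
]

def build_sample_jar(names):
    """Build an in-memory JAR (a ZIP archive) holding the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name in names:
            jar.writestr(zipfile.ZipInfo(name), b"constructed sample data")
    return buf.getvalue()

def unsafe_entries(jar_bytes):
    """Return entry names that would resolve outside the extraction directory."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            # Treat backslashes as separators so Windows-style names are caught too.
            name = info.filename.replace("\\", "/")
            # Absolute paths and drive prefixes (conservatively) bypass the root.
            absolute = name.startswith("/") or (
                len(name) > 1 and name[0].isalpha() and name[1] == ":"
            )
            # Collapse "a/../b" segments, then see whether ".." still leads the path.
            normalised = posixpath.normpath(name)
            escapes = normalised == ".." or normalised.startswith("../")
            if absolute or escapes:
                flagged.append(info.filename)
    return flagged

if __name__ == "__main__":
    for entry in unsafe_entries(build_sample_jar(SAMPLE_NAMES)):
        print("refusing to extract:", entry)
```

An archive with any flagged entry should be rejected as a whole rather than extracted with those entries skipped.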