Second Life Forums Archive - Second Life URI exploit

Haravikk Mistral

Registered User

Join date: 8 Oct 2005

Posts: 2,482

05-28-2008 08:30

I was just looking at SL command-line arguments and came across this:
http://www.gnucitizen.org/blog/ie-pwns-secondlife/

I'm wondering, does anyone know if this vulnerability was closed? It seems like it could be fairly easy to fix in theory by having SL ignore the -loginuri argument if it was opened via a secondlife:// URI, but I wanted to check, so I could JIRA this if nothing was actually done.

Or even ignore ALL arguments except for the ones to specify location.

_____________________

Computer (Mac Pro):
2 x Quad Core 3.2ghz Xeon
10gb DDR2 800mhz FB-DIMMS
4 x 750gb, 32mb cache hard-drives (RAID-0/striped)
NVidia GeForce 8800GT (512mb)

Meade Paravane

Hedgehog

Join date: 21 Nov 2006

Posts: 4,845

05-28-2008 08:36

Yep...

http://blog.secondlife.com/2007/09/21/required-update-for-release-candidate-viewer/

_____________________

Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!!
- Go here: http://jira.secondlife.com/browse/SVC-1224
- If you see "if you were logged in.." on the left, click it and log in
- Click the "Vote for it" link on the left

Viktoria Dovgal

…

Join date: 29 Jul 2007

Posts: 3,593

05-28-2008 08:37

http://jira.secondlife.com/browse/VWR-2508

Marked fixed.

_____________________

Haravikk Mistral

Registered User

Join date: 8 Oct 2005

Posts: 2,482

05-28-2008 08:38

Ah, cool, cheers for the quick responses =)

_____________________

Computer (Mac Pro):
2 x Quad Core 3.2ghz Xeon
10gb DDR2 800mhz FB-DIMMS
4 x 750gb, 32mb cache hard-drives (RAID-0/striped)
NVidia GeForce 8800GT (512mb)

Second Life URI exploit
Haravikk Mistral Registered User Join date: 8 Oct 2005 Posts: 2,482	05-28-2008 08:30 I was just looking at SL command-line arguments and came across this: http://www.gnucitizen.org/blog/ie-pwns-secondlife/ I'm wondering, does anyone know if this vulnerability was closed? It seems like it could be fairly easy to fix in theory by having SL ignore the -loginuri argument if it was opened via a secondlife:// URI, but I wanted to check, so I could JIRA this if nothing was actually done. Or even ignore ALL arguments except for the ones to specify location. _____________________ Computer (Mac Pro): 2 x Quad Core 3.2ghz Xeon 10gb DDR2 800mhz FB-DIMMS 4 x 750gb, 32mb cache hard-drives (RAID-0/striped) NVidia GeForce 8800GT (512mb)
Meade Paravane Hedgehog Join date: 21 Nov 2006 Posts: 4,845	05-28-2008 08:36 Yep... http://blog.secondlife.com/2007/09/21/required-update-for-release-candidate-viewer/ _____________________ Tired of shouting clubs and lucky chairs? Vote for llParcelSay!!! - Go here: http://jira.secondlife.com/browse/SVC-1224 - If you see "if you were logged in.." on the left, click it and log in - Click the "Vote for it" link on the left
Viktoria Dovgal … Join date: 29 Jul 2007 Posts: 3,593	05-28-2008 08:37 http://jira.secondlife.com/browse/VWR-2508 Marked fixed. _____________________
Haravikk Mistral Registered User Join date: 8 Oct 2005 Posts: 2,482	05-28-2008 08:38 Ah, cool, cheers for the quick responses =) _____________________ Computer (Mac Pro): 2 x Quad Core 3.2ghz Xeon 10gb DDR2 800mhz FB-DIMMS 4 x 750gb, 32mb cache hard-drives (RAID-0/striped) NVidia GeForce 8800GT (512mb)

Welcome to the Second Life Forums Archive

Second Life URI exploit