BleedingPipe is an exploit being used in the wild allowing FULL remote code execution on clients and servers running popular Minecraft mods on 1.7.10/1.12.2 Forge (its mainly those versions, other versions are affected.), alongside some other mods. Use of the BleedingPipe exploit has already been observed on unsuspecting servers.

This is a vulnerability in mods using unsafe deserialization code, not in Forge itself.

  • BLAMM67@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    Does an attacker need to be logged in to take advantage of the exploit? Will a whitelist keep my server safe?

    • Roman0OP
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      From what I’ve read, no. It’s an issue with some mods using insecure networking code, letting the malicious party to inject payloads to the server or clients.

      From the blog post:

      The bug is a well known issue with deserialization using ObjectInputStream. The mods affected used OIS for networking code, and this allowed packets with malicious serialization to be sent. This allows anything to be run on the server, which then can be used on the server to do the same thing to all clients, therefore infecting all clients with the server in reverse.

      Take my conclusions with a grain of salt, I’m no expert so I might be wrong.