A user posting to Pastebin has detailed several zero-day vulnerabilities in TeamSpeak 3 software and also alleges the company sweeps such things “under the rug.” The author claims to have found ten vulnerabilities in TeamSpeak 3 software but also states that they will not be releasing these vulnerabilities any time soon.
While auditing the Teamspeak 3 server I’ve discovered several 0-day vulnerabilities which I’ll describe in detail in this advisory. They exist in the newest version of the server, version 3.0.13.
I found 10 vulnerabilities. Some of these are critical and allow remote code execution. For the average user, that means that these vulnerabilities can be exploited by a malicious attacker in order to take over any Teamspeak server, not only becoming serveradmin, but getting a shell on the affected machine.
Basically if someone else figures out what this user has figured out, they can gain shell access to the TeamSpeak 3 servers. Gaining access to the TeamSpeak 3 servers would not only affect TeamSpeak and its operations but they could potentially have full access to TeamSpeak customers. The interesting thing to this is that this user has not contacted TeamSpeak about the vulnerabilities and doesn’t seem like he wants to.
Q: Why not do coordinated disclosure?
A: The Teamspeak developers censor their forums and sweep vulnerabilities under the rug as “crashes”. I am not comfortable with that. Furthermore I fear legal action from them.
Why they fear legal action isn’t totally clear, but if one hacker can figure out what this person has figured out, then TeamSpeak 3 servers are very ripe for the hacking at the moment. The author stops short of telling people to drop TeamSpeak saying that other VoIP services could very well have the same problems. Someone would just have to take the time and find those vulnerabilities. We’ve reached out to TeamSpeak for comment on this story and will update if we hear anything back.
For the more technical minded, you can read the Pastebin post at the link below. What do you think of this potential zero-day vulnerability issue? Let us know in the comments below or on Twitter, Facebook and Google+.