Index: src/network/nNetObject.cpp
===================================================================
--- src/network/nNetObject.cpp	(revision 5965)
+++ src/network/nNetObject.cpp	(working copy)
@@ -661,6 +661,15 @@
 #endif
     m.Read( owner );
 
+    // clients are only allowed to create self-owned objects
+    if ( sn_GetNetState() == nSERVER )
+    {
+        if ( owner != m.SenderID() )
+        {
+            throw nKillHim();
+        }
+    }
+
     registrar.object = this;
     registrar.sender = m.SenderID();