Computer Security
[EN] no-pyccku

Related information

  Half Life client format string bug

  Format string bug in Half-Life client, but is it really exploitable???

  [VSA0304] Half-Life Client remote hole via Adminmod plugin

From:3APA3A <3APA3A_(at)>
Subject:Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin

Dear VOID.AT Security,

This  bug is not related to adminmod, but is rather the bug in Half Life
itself.  At  least  absolutely  same  problem is in amx plugin. amx_psay
%s%s%s%s causes same trouble.

So  this  is  a bug in HalfLife client and may be exploited by malicious
server  operator  (including  remote one with permissions to execute any
csay/psay  command,  rcon access is not actually required, it's possible
to  bind  malicious  amx_psay  command  to  some  key).  Since Half Life
protocol  is  not  secure  it's  very likely this bug potentially may be
exploited by any remote attacker while client is playing.

--Friday, January 10, 2003, 8:49:35 PM, you wrote to [email protected]:

VAS> Note, the attacker needs to know the rcon-password.
VAS> However, it is easy to sniff since it is being transmitted
VAS> in plaintext.


VAS> blackboxed the admin_ssay and admin_psay commands.

Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod