Computer Security
[EN] securityvulns.ru



Related information

  Half Life client format string bug

  Format string bug in Half-Life client, but is it really exploitable???

  [VSA0304] Half-Life Client remote hole via Adminmod plugin

From: 3APA3A <3APA3A_(at)_security.nnov.ru>
Date: 11.01.2003
Subject: Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin

Dear VOID.AT Security,


This bug is not related to adminmod, but is rather a bug in Half Life
itself. At least absolutely the same problem is in the amx plugin.
amx_psay %s%s%s%s causes the same trouble.

So this is a bug in the Half Life client and may be exploited by a
malicious server operator (including a remote one with permissions to
execute any csay/psay command; rcon access is not actually required,
it's possible to bind a malicious amx_psay command to some key). Since
the Half Life protocol is not secure, it's very likely this bug may
potentially be exploited by any remote attacker while the client is
playing.


--Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq@securityfocus.com:

VAS> Note, the attacker needs to know the rcon-password.
VAS> However, it is easy to sniff since it is being transmitted
VAS> in plaintext.

<skipped>

VAS> blackboxed the admin_ssay and admin_psay commands.


--
~/ZARAZA
Even if you do get a letter, you still won't be able to read it. (Twain)
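
Added example, not part of the original message and not Half-Life, adminmod or amx code: the bug class discussed above, shown from the fixing side. The function names are hypothetical; the sketch assumes a client routine that renders server-supplied text through a printf-style call.

```c
#include <stdio.h>
#include <stddef.h>

/* Unsafe pattern, kept as a comment only: server text used as the format,
 * so "%s%s%s%s" makes the formatter read arguments that were never passed.
 *     snprintf(out, outlen, server_text);
 */

/* Hardened form: server text is always data, never the format string. */
int show_message_safe(char *out, size_t outlen, const char *server_text)
{
    return snprintf(out, outlen, "%s", server_text);
}

/* Count conversion specifiers in untrusted text ("%%" is a literal percent
 * and is not counted). A non-zero result is worth logging or rejecting. */
int count_format_specifiers(const char *text)
{
    int n = 0;
    for (const char *p = text; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        n++;
    }
    return n;
}

/* Stopgap for a sink that cannot be changed: double every '%' so a
 * printf-style consumer prints it literally. Returns 0, or -1 if the
 * escaped text does not fit (output is then left empty). */
int escape_percent(char *out, size_t outlen, const char *in)
{
    size_t o = 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outlen) {          /* keep room for the terminator */
            if (outlen) out[0] = '\0';
            return -1;
        }
        if (*in == '%') out[o++] = '%';
        out[o++] = *in;
    }
    if (outlen == 0) return -1;
    out[o] = '\0';
    return 0;
}
```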

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 