Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5421
HistoryNov 19, 2003 - 12:00 a.m.

Half Life dedicated server information leak

2003-11-1900:00:00
vulners.com
31

Dear [email protected],

Probably is known, but is not documented:

Vendor: Valve software
Software: hlds, all versions (including steam).
Problem: Information leak, DoS
Author: SYZo[SND]

Problem:

in server configuration, if allowdownload = 1, it's possible to download
any file from directory of the current game (cstrike was tested) or from
'valve' directory from server. Allowdownload is required to allow
clients to retrieve new maps from server.

Impact:

It's possible to download configuration files (like server.cfg,
configuration files for different mods, etc) with sensitive information,
including passwords. Additionally, downloading large file (for example
map) causes server to crash.

"Exploit":

cmd dlfile server.cfg
cmd dlfile addons/amx/users.ini
cmd dlfile addons/amx/mysql.cfg
cmd dlfile maps/de_torn.bsp

Workaround:

disable downloads.


http://www.security.nnov.ru
/\_/\
{ , . } |\
±-oQQo->{ ^ }<-----+ \
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)
±------------o66o–+ /
|/