| View previous topic :: View next topic |
| Author |
Message |
SpeCies
Registered User
Joined: 05 Sep 2001
Location: North Carolina Guild: <TVB>
Posts: 1948
|
 Posted: Sun Sep 23, 2001 1:15 pm Post subject: |
 |
|
Cut and Pasted this from Planethalflife..
HL 1.1.0.8 Security Leak
9/22/2001 20:24 PST | Community | by redef |
Thanks to Tommyjoe for alerting us of a little security alert on SecurityFocus. According to this alert, it is possible for servers (not clients) to exploit the “connect” command in HL, potentially causing harm to a user’s PC. Realistically this isn’t a serious problem, but it could become an issue. Here’s a little clip that details it nicely:
By running the command ["connect"] with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function.
_________________
http://www.nosmacktards.com |
|
| Back to top |
|
 |
Robert E. Lee
Registered User
Joined: 18 Jul 2001
Posts: 2904
|
| Posted: Sun Sep 23, 2001 3:27 pm Post subject: |
|
|
Thanks, but I don't think any of our admins would stoop to this level. I don't it will be a problem for anyone, but thanks for posting it anyway.
_________________
 |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
