A security vulnerability has been discovered in Half-Life Dedicated Server. The vulnerability allows execution of arbitrary code on the Half-Life server.
Credit:
The vulnerability was discovered by ADM.
The information has been provided by Mark Cooper.
Vulnerable systems:
Half-Life Dedicated Server for Linux 3.1.0.3 and earlier
A buffer overflow vulnerability in Half-Life dedicated server was discovered by ADM during a routine security audit.
The vulnerability appears to exist in the changelevel rcon command and does not require a valid rcon password. The overflow appears to occur after the logging function has run, since the following was found in the last entries of the daemon's logs:
# tail server.log.crash | strings
L 08/23/2000 - 23:28:59: "[CiC]Foxdie<266>" say "how so?"
Bad Rcon from x.x.x.x:4818:
rcon werd changelevel
bin@
sh!@
Privet ADMcrew\
rcon werd changelevel
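
A defender can search server logs for the pattern in the excerpt above: a rejected rcon changelevel whose argument is oversized or contains binary data. The following is an added example, not part of the original advisory or of Valve's code. It assumes the log layout seen in the excerpt (a "Bad Rcon from ip:port:" line followed by the rejected command); the function name, the 64-byte limit and the sample log are constructed for illustration.

```python
import re

# Assumed layout, inferred from the advisory's excerpt: a "Bad Rcon from ip:port:"
# line, then the rejected command, up to the next timestamped or Bad Rcon line.
BAD_RCON = re.compile(rb"^Bad Rcon from (\S+):(\d+):[ \r]*\n", re.M)
RECORD_START = re.compile(rb"^(?:L \d\d/\d\d/\d{4} - |Bad Rcon from )", re.M)
MAX_ARG_LEN = 64  # assumed ceiling for a legitimate map name


def suspicious_rcon(log_bytes, max_len=MAX_ARG_LEN):
    """Return (source, reason, arg_length) for rejected changelevel commands
    whose argument is oversized or contains non-printable bytes."""
    findings = []
    for m in BAD_RCON.finditer(log_bytes):
        # The payload may contain newlines, so read up to the next log record.
        nxt = RECORD_START.search(log_bytes, m.end())
        body = log_bytes[m.end(): nxt.start() if nxt else len(log_bytes)]
        pos = body.find(b"changelevel")
        if not body.startswith(b"rcon ") or pos < 0:
            continue
        arg = body[pos + len(b"changelevel"):].strip()
        src = b":".join(m.groups()).decode("ascii", "replace")
        if len(arg) > max_len:
            findings.append((src, "oversized", len(arg)))
        elif any(b < 0x20 or b > 0x7E for b in arg):
            findings.append((src, "non-printable", len(arg)))
    return findings


# Constructed sample log: harmless filler bytes stand in for the binary data.
SAMPLE = (
    b'L 08/23/2000 - 23:28:59: "[CiC]Foxdie<266>" say "how so?"\n'
    b"Bad Rcon from 192.0.2.10:4818:\n"
    b"rcon werd changelevel " + b"A" * 300 + b"\x01\n\x02\n"
    b"Bad Rcon from 192.0.2.77:4820:\n"
    b"rcon guess changelevel crossfire\n"
    b'L 08/23/2000 - 23:31:02: "player<12>" say "gg"\n'
)

if __name__ == "__main__":
    for source, reason, length in suspicious_rcon(SAMPLE):
        print(source, reason, length)
```

The log must be read as raw bytes, because piping it through strings, as in the excerpt, discards the non-printable data the check depends on.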
Vendor Response:
Valve Software promised a patch that has yet to appear.
Workaround:
As interim measures, do the following:
A) Consider not running the Half-Life software at all!
B) Remove the world execute bit from inetd to 'break' the exploit code.
C) Ensure sane ipfwadm/ipchains filters are in place