Date: September 20, 2001
Program: Half-Life
Versions Affected: 1.1.0.8 (September 19, 2001) and all previous versions
Severity: A Half-Life server can exploit a buffer overflow in the client to execute arbitrary code on players' machines.
Vendor: Valve Software (http://www.valvesoftware.com)
Vendor Contacted: September 18, 2001
Vendor Status: A fix will be included in the next update
Details: There is a buffer overflow in the console command "connect" on Windows Half-Life clients. The "connect" command is available in the client console and is used to connect to a game server at a given IP address and port. The format of the command is as follows:
/connect IP:port
By running the command with an argument of around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command it wants. This means the overflow can be exploited remotely by means of this function. A server administrator could easily take advantage of this and exploit clients automatically as they connected to the server. An example of this would be Admin-Mod, a popular remote administration plugin for many Half-Life mods such as Counter-Strike, Team Fortress Classic, Day of Defeat, and Firearms. Admin-Mod has a command named admin_execclient which allows admins to force users to execute commands, including "connect."
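As an added illustration, not code from this advisory, from Valve or from Admin-Mod, the following C snippet shows the kind of bounded parsing a client-side handler for a "connect IP:port" argument needs: the argument length is checked against a fixed limit before anything is copied, the host part is copied only after its length is checked against the destination buffer, and the port is range-checked. The limit values, function names and status codes are assumptions chosen for the example, not Half-Life's.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical limits for the example; the advisory only says
   "around 128 characters" overflows the real client, so a fixed
   cap on the whole argument is the first check that must exist. */
#define CONNECT_ARG_MAX 64
#define HOST_MAX        48

enum connect_status {
    CONNECT_OK = 0,
    CONNECT_ERR_TOO_LONG,   /* argument exceeds CONNECT_ARG_MAX   */
    CONNECT_ERR_FORMAT,     /* not "dotted-quad:port"             */
    CONNECT_ERR_PORT        /* port missing or outside 1..65535   */
};

/* Length of s, but never scans past 'cap' bytes (returns cap + 1 if longer). */
static size_t bounded_len(const char *s, size_t cap)
{
    size_t n = 0;
    while (n <= cap && s[n] != '\0')
        n++;
    return n;
}

/* Parse "IP:port" into host/port. Every copy is bounded by the caller's
   buffer size, and oversized input is rejected before any copy happens. */
enum connect_status parse_connect_arg(const char *arg, char *host,
                                      size_t host_sz, unsigned *port)
{
    if (bounded_len(arg, CONNECT_ARG_MAX) > CONNECT_ARG_MAX)
        return CONNECT_ERR_TOO_LONG;

    const char *colon = strchr(arg, ':');
    if (colon == NULL)
        return CONNECT_ERR_FORMAT;

    size_t host_len = (size_t)(colon - arg);
    if (host_len == 0 || host_len >= host_sz)   /* leave room for NUL */
        return CONNECT_ERR_FORMAT;
    for (size_t i = 0; i < host_len; i++)
        if (!isdigit((unsigned char)arg[i]) && arg[i] != '.')
            return CONNECT_ERR_FORMAT;

    const char *p = colon + 1;
    if (*p == '\0')
        return CONNECT_ERR_PORT;
    unsigned long val = 0;
    size_t digits = 0;
    for (; *p != '\0'; p++, digits++) {
        if (!isdigit((unsigned char)*p) || digits >= 5)
            return CONNECT_ERR_PORT;
        val = val * 10 + (unsigned long)(*p - '0');
    }
    if (val == 0 || val > 65535)
        return CONNECT_ERR_PORT;

    memcpy(host, arg, host_len);   /* host_len < host_sz was checked above */
    host[host_len] = '\0';
    *port = (unsigned)val;
    return CONNECT_OK;
}

/* Convenience wrappers so callers can classify an argument without
   managing buffers; used by the demo below. */
enum connect_status classify_connect_arg(const char *arg)
{
    char host[HOST_MAX];
    unsigned port;
    return parse_connect_arg(arg, host, sizeof host, &port);
}

unsigned connect_arg_port(const char *arg)
{
    char host[HOST_MAX];
    unsigned port = 0;
    if (parse_connect_arg(arg, host, sizeof host, &port) != CONNECT_OK)
        return 0;
    return port;
}

int main(void)
{
    /* Constructed sample inputs: one valid argument and one oversized one,
       the latter standing in for what a server could force a client to run. */
    char oversized[256];
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    printf("valid   -> %d (port %u)\n",
           classify_connect_arg("192.168.0.1:27015"),
           connect_arg_port("192.168.0.1:27015"));
    printf("too long-> %d\n", classify_connect_arg(oversized));
    printf("no port -> %d\n", classify_connect_arg("10.0.0.1"));
    printf("bad port-> %d\n", classify_connect_arg("10.0.0.1:70000"));
    return 0;
}
```

The point is the order of operations: the overall length check runs before strchr and before any copy, so an argument longer than the handler expects is refused rather than written into a fixed-size buffer. A client that lets servers force console commands still needs this check on every such command, since the server, not the player, chooses the argument.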
Alfred Reynolds, one of the maintainers of Admin-Mod, was quick to point out to me that Admin-Mod's admin_execclient command only holds 100 characters and therefore would have to be modified to make use of this. He then also mentioned that since Admin-Mod is open source anyone could modify the source and increase the buffer size anyway. Only part of one line of code in the Admin-Mod source would need to be changed to exploit this.
Of course this is not an issue with Admin-Mod; I was just using it as an example.
Valve Software was contacted on September 18, 2001, and informed me that it will be fixed in the next patch (presumably v1.1.0.9). They did not believe it to be a serious threat.
Solution: Install the patch when it becomes available.
Regards,
Stan
--
Stan Bubrouski
stan@ccs.neu.edu
23 Westmoreland Road, Hingham, MA 02043 Cell: (617) 835-3284