Half-life server vulnerabilities
12 March 2001

Author: Stan Bubrouski (stan@ccs.neu.edu)
Date: March 9, 2001
Package: Half-Life dedicated server for Windows and Linux and the Windows client as well.
Versions affected: All are believed vulnerable including latest builds for Windows (Build 1572) and Linux (Build 1573)
Severity: Remote users with access level high enough to execute the exec or map commands can exploit two buffer overflows and a string formatting vulnerability to crash the Half-Life server or execute commands to gain access to the host the server is running on.

Problems:

1) When more than 58 or 59 characters are sent to the 'map' command, a potentially exploitable buffer overflow occurs.

2) When 235 or more characters are used with the 'exec' command, a buffer is overflowed and the server crashes.

3) There is a string formatting vulnerability in the 'map' command. When it receives any formatting characters like %s or %d, it interprets them as format characters, and if crafted right a user could crash the server or execute code as the user the server is running as.

4) There is a buffer overflow in the parsing of config files which could be used to execute code as the user running the server. This is dangerous because someone could place code in the config file of a module and distribute it to unsuspecting users.
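The bug classes in problems 1 to 3 (unbounded copies of a command argument, and a command argument used as a format string) are avoided by validating the argument and keeping the format string constant. The following is an added example, not code from the advisory or from the Half-Life source; the function names, the MAP_NAME_MAX limit and the "maps/%s.bsp" layout are assumptions made for illustration.

```c
/* Added illustration: hypothetical handler, not Half-Life source code. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAP_NAME_MAX 32  /* assumed policy limit, not taken from the advisory */

/* Length of s, but never reads more than max + 1 bytes. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n <= max && s[n] != '\0')
        n++;
    return n;
}

/* Builds the map path into out. Returns 0 on success, -1 if rejected. */
int build_map_path(const char *arg, char *out, size_t outlen)
{
    if (arg == NULL || out == NULL || outlen == 0)
        return -1;
    size_t n = bounded_len(arg, MAP_NAME_MAX);
    if (n == 0 || n > MAP_NAME_MAX)
        return -1;              /* reject over-long input, do not copy it */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)arg[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;          /* allow-list: '%', '/', '.' never pass */
    }
    /* Constant format string: the argument is only ever data. */
    int w = snprintf(out, outlen, "maps/%s.bsp", arg);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

/*
 * Logging the raw argument: the unsafe form is snprintf(buf, len, arg),
 * which lets %s or %d in arg be interpreted. The safe form passes it
 * through "%s" and checks for truncation.
 */
int log_map_command(char *buf, size_t len, const char *arg)
{
    int w = snprintf(buf, len, "map command received: %s", arg);
    return (w < 0 || (size_t)w >= len) ? -1 : 0;
}
```

Rejecting over-long input rather than truncating it keeps the handler's behavior predictable, and the same bounded, checked pattern applies to the 'exec' argument and to config file parsing in problem 4.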

Copyright 2001 Stan Bubrouski

--
Stan Bubrouski stan@ccs.neu.edu
316 Huntington Ave. Apt #676, Boston, MA 02115 (617) 377-7222



