Home
Forums
Articles
Reviews
News Search
News Archive
File Downloads
Chat Client
Polls Page
Contact
Members
Pictures
MWGL Mail Login

Matrox Parhelia Reef Demo The Best DirectX 8 Benchmark Ever?
Dungeon Siege Tweaking Guide
 
Medal of Honor: Pacific Assault
Midnight Club 2: XBOX
Inside Pitch 2003: XBOX
Duke Nukem: Manhattan Project
EverGlide MousePad


 

  Monday, Sep 24, 2001 Report News | Archive | Top  
Half-Life 1.1.0.8 Security Leak
- Posted 6:57 AM By Kagato
EMail News to a Friend  Printer Friendly Version    0 Comments | Add 
A post on Planet Half-Life has been started concerning a new security alert on SecurityFocus in reguards to a hole in the new Half-Life release that could allow a server to exploit the client (reverse of what you normally see). The report says: "Valve Software was contacted on September 18, 2001 and informed me it will be fixed in the next patch (presumably v1.1.0.9). They did not believe it to be a serious threat." Here's a snip of the issue:
By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily easily take advantage of this and exploit clients automatically as they connected to the server.
Do you trust your server admin?
 
0 Comments Posted

Add a comment

You have to be logged in in order to post comments..

If you don't have an account yet? Follow this link!

 
Username:

Password:


Click here to Register!

Who do you think makes the best gaming console?
Microsoft
Nintendo
Sony
 
 November
SMTWTFS
   1234
567891011
12131415161718
19202122232425
2627282930