|
|
Half-Life 1.1.0.8 Security Leak
|
|
- Posted 6:57 AM By Kagato
|
|
0 Comments | Add
|
A post on Planet Half-Life has been started concerning a new security alert on SecurityFocus in reguards to a hole in the new Half-Life release that could allow a server to exploit the client (reverse of what you normally see). The report says: "Valve Software was contacted on September 18, 2001 and informed me it will be fixed in the next patch (presumably v1.1.0.9). They did not believe it to be a serious threat." Here's a snip of the issue:By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily easily take advantage of this and exploit clients automatically as they connected to the server. Do you trust your server admin?
|
0 Comments Posted
Add a comment
You have to be logged in in order to post comments..
If you don't have an account yet? Follow this link!
|
|
Who do you think makes the best gaming console?
|
|
Microsoft
264
|
Nintendo
41
|
Sony
161
|
votes: 466
|
Polls
|
|
May
|
S | M | T | W | T | F | S |
| | | 1 | 2 | 3 | 4 |
5 | 6 | 7 | 8 | 9 | 10 | 11 |
12 | 13 | 14 | 15 | 16 | 17 | 18 |
19 | 20 | 21 | 22 | 23 | 24 | 25 |
26 | 27 | 28 | 29 | 30 | 31 | |
|
|
|