Half-Life 1.1.0.8 Security Leak


Posters Name: Kagato
Posters Email: kagato@mwgl.org
Subject: Half-Life 1.1.0.8 Security Leak

News:
A post on Planet Half-Life has been started concerning a new security alert on SecurityFocus in regard to a hole in the new Half-Life release that could allow a server to exploit the client (the reverse of what you normally see). The report says: "Valve Software was contacted on September 18, 2001 and informed me it will be fixed in the next patch (presumably v1.1.0.9). They did not believe it to be a serious threat." Here's a snip of the issue:

By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily take advantage of this and exploit clients automatically as they connected to the server.
Do you trust your server admin?
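
The class of bug the advisory describes, seen from the fixing side, as an added example that is not Valve's code and not part of the advisory: a client that accepts console commands pushed by a server has to length-check each argument before it reaches a fixed-size buffer. The function names and the 128-byte buffer size are assumptions made for illustration (the size is taken from the "around 128 characters" figure above).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size, chosen to match the advisory's "around 128 characters". */
#define ARG_BUF_SIZE 128

enum cmd_status { CMD_OK = 0, CMD_TOO_LONG = -1, CMD_BAD_INPUT = -2 };

/* Hypothetical console-command handler. The unsafe pattern is an unbounded
 * copy of the argument into a fixed buffer; here the length is measured
 * first and over-long input is rejected rather than silently truncated. */
enum cmd_status handle_command_arg(const char *arg, char *out, size_t out_size)
{
    if (arg == NULL || out == NULL || out_size == 0)
        return CMD_BAD_INPUT;

    size_t len = 0;
    while (len < out_size && arg[len] != '\0')   /* never scans past out_size */
        len++;
    if (len >= out_size)                         /* no room for the terminator */
        return CMD_TOO_LONG;

    memcpy(out, arg, len);
    out[len] = '\0';
    return CMD_OK;
}

/* Hypothetical client entry point for a command line forced by the server.
 * Server-supplied text is untrusted input: split "name arg" and validate. */
enum cmd_status client_run_server_command(const char *line, char *out, size_t out_size)
{
    if (line == NULL)
        return CMD_BAD_INPUT;
    const char *sp = strchr(line, ' ');
    if (sp == NULL)
        return CMD_BAD_INPUT;
    return handle_command_arg(sp + 1, out, out_size);
}

int main(void)
{
    char out[ARG_BUF_SIZE];
    char line[400] = "somecmd ";                 /* constructed sample input */
    memset(line + 8, 'A', 300);                  /* 300-character argument */
    line[308] = '\0';
    printf("short: %d\n", client_run_server_command("somecmd hello", out, sizeof out));
    printf("long:  %d\n", client_run_server_command(line, out, sizeof out));
    return 0;
}
```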

