From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: Sat Jan 11 2003 - 04:40:26 CST


    Dear VOID.AT Security,

    This bug is not related to adminmod, but is rather a bug in Half Life
    itself. At least, absolutely the same problem is in the amx plugin. amx_psay
    %s%s%s%s causes the same trouble.

    So this is a bug in the HalfLife client and may be exploited by a malicious
    server operator (including a remote one with permissions to execute any
    csay/psay command; rcon access is not actually required, it's possible
    to bind a malicious amx_psay command to some key). Since the Half Life
    protocol is not secure, it's very likely this bug potentially may be
    exploited by any remote attacker while the client is playing.

    --Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraqsecurityfocus.com:

    VAS> Note, the attacker needs to know the rcon-password.
    VAS> However, it is easy to sniff since it is being transmitted
    VAS> in plaintext.

    <skipped>

    VAS> blackboxed the admin_ssay and admin_psay commands.

    -- 
    ~/ZARAZA
    Even if you do get some letter, you still won't be able to read it. (Twain)
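
An added example, not part of the original message and not code from AMX, AdminMod or Half-Life: assuming the `%s%s%s%s` trigger means the client parses relayed text as a printf-style format string, a server-side plugin could neutralize and flag such messages before relaying them. The function names `escape_percent` and `has_conversion` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (assumption: the consumer is printf-style).
 * Copies msg into out, doubling every '%' so a downstream formatter
 * prints it literally instead of parsing a conversion.
 * Returns the output length, or -1 if out is too small. */
int escape_percent(const char *msg, char *out, size_t outsz)
{
    size_t o = 0;
    if (msg == NULL || out == NULL || outsz == 0)
        return -1;
    for (size_t i = 0; msg[i] != '\0'; i++) {
        size_t need = (msg[i] == '%') ? 2 : 1;
        if (o + need >= outsz) {   /* keep room for the terminator */
            out[0] = '\0';         /* fail closed: never relay a cut-off message */
            return -1;
        }
        if (msg[i] == '%')
            out[o++] = '%';
        out[o++] = msg[i];
    }
    out[o] = '\0';
    return (int)o;
}

/* Returns 1 if msg contains a '%' that is not part of a literal "%%".
 * Useful for logging which operator issued such a message. */
int has_conversion(const char *msg)
{
    for (size_t i = 0; msg[i] != '\0'; i++) {
        if (msg[i] != '%')
            continue;
        if (msg[i + 1] == '%') { i++; continue; }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[32];
    /* Constructed sample input: the argument string quoted in the message. */
    return escape_percent("%s%s%s%s", buf, sizeof buf) == 12 ? 0 : 1;
}
```

Escaping on the server only protects clients that receive messages through that plugin; the message above notes the protocol itself is not secure, so the client-side formatting call remains the place to fix.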