Server Buffer Overflow Vulnerability

LornathLornath Join Date: 2002-11-30 Member: 10280Members
in General Server Discussion
<div class="IPBDescription">crash and potential code execution</div> This was just released today:
<a href='http://www.pivx.com/press_releases/valve_release01.html' target='_blank'>hl server vulnerability</a>. I tried out the two exploits and sure enuff, they crashed or froze the server. The provided <a href='http://www.pivx.com/preparationv/' target='_blank'>fix</a> prevented the exploits.

-Lorn
Off Topic Disagree Agree Awesome

Comments

  • CheesyPetezaCheesyPeteza Join Date: 2002-11-24 Member: 9784Members, NS1 Playtester, Constellation
    Looks like he was getting enough attention for the exploit he discovered.
    Off Topic Disagree Agree Awesome
  • Kar-aKKar-aK Join Date: 2003-06-13 Member: 17335Members
    I seen that exploit used a few times on the db server.
    It "worked" quite well...

    - Kar
    Off Topic Disagree Agree Awesome
  • LornathLornath Join Date: 2002-11-30 Member: 10280Members
    <!--QuoteBegin--CheesyPeteza+Jul 29 2003, 04:37 PM--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (CheesyPeteza @ Jul 29 2003, 04:37 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Looks like he was getting enough attention for the exploit he discovered.<!--QuoteEnd--></td></tr></table><span class='postcolor'><!--QuoteEEnd-->
    lol wasn't me. Just saw <a href='http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0061.html' target='_blank'>the vulnerability</a> today on the <a href='http://www.vulnwatch.org/' target='_blank'>vulnwatch mailing list</a>. Tried it out on my own server and it seemed like a legit issue. Thought I'd post here so other people could patch up their servers.

    -Lorn
    Off Topic Disagree Agree Awesome
  • CheesyPetezaCheesyPeteza Join Date: 2002-11-24 Member: 9784Members, NS1 Playtester, Constellation
    Yeah I know, I saw it myself earlier today.

    Nice of them to release a fix for windows servers but not for linux.

    I'm not for security by obscurity, but I can't see the point in releasing exploit code when there is nothing you can do about it. Problem created by Valve, mass DOS caused by PivX Solutions.

    Already had 2 of our servers killed by this in the last few hours.
    Off Topic Disagree Agree Awesome
  • SiliconSilicon Join Date: 2003-02-18 Member: 13683Members
    edited July 2003
    Correction: hlds 4.1.1.1c1 is also exploitable at least the windows version, I tried the DOS on my self and it froze it up, so yeah, this sucks for all HL admins.
    <!--emo&???--><img src='http://www.unknownworlds.com/forums/html/emoticons/confused.gif' border='0' style='vertical-align:middle' alt='confused.gif'><!--endemo-->
    Off Topic Disagree Agree Awesome
Sign In or Register to comment.