Bugtraq mailing list archives
Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Sat, 11 Jan 2003 13:40:26 +0300
Dear VOID.AT Security, This bug is not related to adminmod, but is rather the bug in Half Life itself. At least absolutely same problem is in amx plugin. amx_psay %s%s%s%s causes same trouble. So this is a bug in HalfLife client and may be exploited by malicious server operator (including remote one with permissions to execute any csay/psay command, rcon access is not actually required, it's possible to bind malicious amx_psay command to some key). Since Half Life protocol is not secure it's very likely this bug potentially may be exploited by any remote attacker while client is playing. --Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq () securityfocus com: VAS> Note, the attacker needs to know the rcon-password. VAS> However, it is easy to sniff since it is being transmitted VAS> in plaintext. <skipped> VAS> blackboxed the admin_ssay and admin_psay commands. -- ~/ZARAZA Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен)
Current thread:
- [VSA0304] Half-Life Client remote hole via Adminmod plugin VOID.AT Security (Jan 10)
- Re: [VSA0304] Half-Life Client remote hole via Adminmod plugin 3APA3A (Jan 11)