Bugtraq mailing list archives
Re: Format String Vulnerability in Valve's CS-Source
From: Some One <mc.iglo () ddclan de>
Date: 15 Oct 2004 18:26:37 -0000
In-Reply-To: <20041014192836.47e3964d.aluigi () autistici org> Hi, This is way to technical for me, but i dont think so i just found out, that not only the own client and the server crashes, if my name is '%n'! even all other conencted clients crash
If this is the same bug I reported over one year ago http://aluigi.altervista.org/adv/hlclientfs-adv.txt probably Valve has not patched it yet or something similar (I don't play with Half-Life from years). About exploitation, the only method I found was versus the connected clients using the "Unknown command" reply sent by the server directly to them. BYEZ --- Luigi Auriemma http://aluigi.altervista.org
Current thread:
- Format String Vulnerability in Valve's CS-Source Some One (Oct 13)
- <Possible follow-ups>
- Re: Format String Vulnerability in Valve's CS-Source Luigi Auriemma (Oct 15)
- Re: Format String Vulnerability in Valve's CS-Source Some One (Oct 18)