Bugtraq mailing list archives

Re: Format String Vulnerability in Valve's CS-Source

From: Some One <mc.iglo () ddclan de>
Date: 15 Oct 2004 18:26:37 -0000

In-Reply-To: <20041014192836.47e3964d.aluigi () autistici org>

Hi,

This is way to technical for me, but i dont think so

i just found out, that not only the own client and the server crashes, if my name is '%n'! even all other conencted 
clients crash


If this is the same bug I reported over one year ago
http://aluigi.altervista.org/adv/hlclientfs-adv.txt probably Valve has not
patched it yet or something similar (I don't play with Half-Life from
years).

About exploitation, the only method I found was versus the connected clients
using the "Unknown command" reply sent by the server directly to them.


BYEZ


--- 
Luigi Auriemma
http://aluigi.altervista.org

Current thread:

Format String Vulnerability in Valve's CS-Source Some One (Oct 13)
- <Possible follow-ups>
- Re: Format String Vulnerability in Valve's CS-Source Luigi Auriemma (Oct 15)
- Re: Format String Vulnerability in Valve's CS-Source Some One (Oct 18)