We are aware it's fixable with SM+MM but there are servers that can not, want not or simply do not run those. This is a critical vulnerability.
On Mon, Sep 16, 2013 at 4:24 AM, Collin Howard <[email protected]> wrote: > Hi: > > https://forums.alliedmods.net/showthread.php?t=225925 > > ------------------------------ > *From:* lilly <[email protected]> > *To:* [email protected] > *Sent:* Sunday, September 15, 2013 4:10:51 PM > *Subject:* [Csgo_servers] Please Fix this Valve!! Exploit!!! Many > Communities are getting hit with Ads > > This is a big issue, please fix this!! > > > http://www.reddit.com/tb/1mfgky > > Old 09-11-13 , 12:15 AM Warning to people running CS:GO servers > Reply With Quote Multi-Quote This Message Quick reply to this message > #1 > A number of communities have been hit by at least one person abusing the > fact CS:GO's engine is lacking the fixes Valve made in the 2009 engine for > file transfers. > > This means that it's possible for a malicious person to > > Download a number of files from the gameserver (it's unknown at this > time if the engine is vulnerable to bypassing the extension blacklist). > Upload a number of files to the gameserver (see note above). > "Delete" a file by overwriting it with a folder. > > > There is an extension created by Zephyrus to combat this exploit available > here. > > There is a plugin that is being upload to game servers that will display > hidden ads to clients. > The ad provider username in use by this individual is "bazdmegjo", please > contact me privately if you have any further information about who this > individual may be. > > Known versions: > > Filename: "basechats.smx" (note the 's' on the end) > File MD5 Hash: bd493c03a0115f704eaa96a0e1d8400e > Plugin Hash: 1f37a04083b593f5b024888a1dfbfe7d > Filename: "adminhelp.smx" > File MD5 Hash: 34ea070da0e8d820e7e1b5285d0a7db1 > Plugin Hash: 4f3b8f9131ac3de3c4abfd21ca61c237 > > > The "Plugin Hash" in the list above refers to the "Hash:" line seen in the > "sm plugins info" output if you're running a version of SourceMod with the > malicious plugin blacklist (most 1.5.0-dev snapshots, 1.5.0 and later, and > all 1.6.x snapshots) - if you're hosting CS:GO servers, I suggest making > sure you are. > > The binaries above have already been pushed out to SourceMod's plugin > blacklist - if you see any plugins fail to load because of this, please > make > sure to check all your other plugins. > > The 2nd one (adminhelp.smx) appears to be the more refined plugin and was > likely a later attempt by the exploiter. It also attempts to replicated > itself to "votemenus.smx", although due to a bug in the code this > fortunately fails. It is highly likely that the person involved in these > actions will make continued attempts, so please be vigilant. > > Checking your server (using the 'find' command) for the cvars "sm_ad_url" > and "sm_xchat_name" may help to find other instances of the malicious > plugin > - please note these were both reused from legitimate plugins, so do not > indicate malicious activity alone. > > If you find any strange plugins on your server that are trying to > impersonate base SM plugins, please PM them to me - they're only going to > get harder to spot from here on in. > > Some of you may remember a similar thread to this from almost a year > ago... > > > > ----- > ClanVPP.com > > 32 man Chicago 74.121.181.87:27015 > 26 man DM 216.231.130.101:26015 > 24 man Dallas 66.34.220.7:27015 > 24 man 24/7 Dust2 216.231.130.101:27025 > -- > View this message in context: > http://csgo-servers.1073505.n5.nabble.com/Please-Fix-this-Valve-Exploit-Many-Communities-are-getting-hit-with-Ads-tp5417.html > Sent from the CSGO_Servers mailing list archive at Nabble.com. > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers > > > > _______________________________________________ > Csgo_servers mailing list > [email protected] > https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers >
_______________________________________________ Csgo_servers mailing list [email protected] https://list.valvesoftware.com/cgi-bin/mailman/listinfo/csgo_servers
