Wow, this is serious. I just figured out how it's done. I can crash any server. I've only tested on my own, but we are all vulnerable.
Hmm...with this extended character set, do you think one could slip in their own shellcode? I think so. Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Fencik Sent: Friday, October 15, 2004 8:29 PM To: [EMAIL PROTECTED] Subject: RE: [hlds] serious cs:s vulnerability Just for grins....here's the ip address of the offending hacker: 68.37.174.181 Dave -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 15, 2004 8:07 PM To: [EMAIL PROTECTED] Subject: Re: [hlds] serious cs:s vulnerability Yeah I just had to restart one of my servers as well. It *looks* like the last exploit (malformed rcon command that would hang the server and peg the CPU at 100%) however this time cpu usage doesnt skyrocket, and in the console you can see all of the players drop via timing out, all at the same time almost. You seeing the same thing Dave? - K2 http://www.hardfought.org David Fencik <[EMAIL PROTECTED]> wrote: > This is a multi-part message in MIME format. > -- > [ Picked text/plain from multipart/alternative ] > Some script kiddie just crashed one of my source servers. It amazes me > that there could be such an easily exploitable vulnerability in such an > obvious place. Here's a hint to you all: format-string vulnerability. > > Feel free to email me off list if you'd like the specifics. > > Dave > -- > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please > visit: > http://list.valvesoftware.com/mailman/listinfo/hlds > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
