Hey there,
It's been about 3 months since news of this exploit surfaced (and only
here, haven't seen it elsewhere, I suppose to keep disclosure to a
minimum), so ~4 months since valve is aware of it.
Has there been any news about this exploit being fixed with Jungle
Inferno? We've been running with custom files disabled since the news
broke and some players are getting pretty upset about the lack of sprays.
On 09/10/2017 11:31, Stealth Mode wrote:
Headsup admins/owners. Might want to disable custom files till valve
addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject
custom files with all types of malicious code. From hacks in weapon
skins, to ransomware in custom .bsp, to remote backdoors in custom
spray paints.
The exploit is injecting code into any image, sound, or data file. You
can take weapon skins (csgo), sound files, spray paint image files,
even .bsp/etc. and inject hack code, or actual ransomware, viruses, or
Trojans/rootkits directly into a server cache, or client cache via the
custom file.
Might want to disable custom files till valve decides to correct this
issue.
-StealthMode
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
