Hi, We've found a serious security issue affecting CSS servers. There is a plugin for CSS that allows to expose SHELL system command. Of of the examples is !!! compiling helloworld.cpp program and executing it. Another example might be listing directories, wget-ing trojans and exposing the whole machine to the world.
This is totally unacceptable. VALVE please FIX this ASAP as this serious security issue may bring down all machines running CSS servers. These are the links: Authors page: http://www.mattie.info/cs/ System Plugin: http://www.mattie.info/downloads/mattie_system.tgz Main category at the author's forum http://www.mattie.info/cs/forums/viewforum.php?f=43 Main topic of this project http://www.mattie.info/cs/forums/viewtopic.php?t=3392 best regards Adam Grzesko [EMAIL PROTECTED] _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
