All servers were potentially vulnerable. - Alfred
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Invalid Protocol Sent: Monday, July 02, 2012 5:34 PM To: 'Half-Life dedicated Linux server mailing list' Subject: Re: [hlds_linux] CS 1.6 New Exploit? Are the servers that only have fast download enabled (sv_allowdownload 0) vulnerable to this exploit? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Alfred Reynolds Sent: Monday, July 02, 2012 11:49 PM To: 'Collin Howard'; 'Half-Life dedicated Linux server mailing list' Subject: Re: [hlds_linux] CS 1.6 New Exploit? This sounds like the exploit fixed last week, make sure you update your install. In particular that exploit would let you download .cfg file from your server, and if you put your rcon password in that file they can then get full rcon control of the server (and change the motd amongst other things). - Alfred -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Collin Howard Sent: Monday, July 02, 2012 1:46 PM To: [email protected] Subject: [hlds_linux] CS 1.6 New Exploit? I think there is a new exploit out. Today on one of my servers someone was able to download my server.cfg file and was able to upload his own motd file with a link to a virus download. I checked my cstrike folder and it had server.cfg.ZTMP Anyone else experience this? Or is this an old exploit and what protection is there from it? _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds_linux
