Re: [hlds] Custom files exploit

2018-01-26 Thread Difegue
Yeah, I went on to read the csgo list's thread, which somehow had passed 
me by all this time - Guess it's fucking nothing.


Sorry for the useless mail!


On 26/01/2018 23:51, Michael Loveless wrote:
This isn't news. If you read the rest of the thread, a number of 
veterans came in here stating there was no sign of Stealth Mode's 
statements being accurate. The kid went on ranting and then made 
another email asking Valve to ban people who were being 'mean' to him. 
I don't think he ever provided any type of proof that an exploit like 
this exists, only wanted everyone to take his word for it.


Valve has worked to patch a number of exploits on various games 
including old Gold Source games over the past year or two. If there 
was a legitimate threat, there's a reasonable chance Valve would have 
looked into it. I haven't seen a single report of this issue from 
other users here, nor on Allied Mods, or any other SRCDS related 
server forums I frequent. Countless people here are using custom files 
on their servers and have no issues. I'm sure most of us scan our 
server files every so often for malicious files as well.


On Fri, Jan 26, 2018 at 5:43 PM, Difegue wrote:


Hey there,

It's been about 3 months since news of this exploit surfaced (and
only here, haven't seen it elsewhere, I suppose to keep disclosure
to a minimum), so ~4 months since valve is aware of it.

Has there been any news about this exploit being fixed with Jungle
Inferno? We've been running with custom files disabled since the
news broke and some players are getting pretty upset about the
lack of sprays.


On 09/10/2017 11:31, Stealth Mode wrote:

Headsup admins/owners. Might want to disable custom files till
valve addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject
custom files with all types of malicious code. From hacks in
weapon skins, to ransomware in custom .bsp, to remote backdoors
in custom spray paints.

The exploit is injecting code into any image, sound, or data
file. You can take weapon skins (csgo), sound files, spray paint
image files, even .bsp/etc. and inject hack code, or actual
ransomware, viruses, or Trojans/rootkits directly into a server
cache, or client cache via the custom file.

Might want to disable custom files till valve decides to correct
this issue.

-StealthMode


___
To unsubscribe, edit your list preferences, or view the list archives, 
please visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds






Re: [hlds] Custom files exploit

2018-01-26 Thread Michael Loveless
This isn't news. If you read the rest of the thread, a number of veterans
came in here stating there was no sign of Stealth Mode's statements being
accurate. The kid went on ranting and then made another email asking Valve
to ban people who were being 'mean' to him. I don't think he ever provided
any type of proof that an exploit like this exists, only wanted everyone to
take his word for it.

Valve has worked to patch a number of exploits on various games including
old Gold Source games over the past year or two. If there was a legitimate
threat, there's a reasonable chance Valve would have looked into it. I
haven't seen a single report of this issue from other users here, nor on
Allied Mods, or any other SRCDS related server forums I frequent. Countless
people here are using custom files on their servers and have no issues. I'm
sure most of us scan our server files every so often for malicious files as
well.

On Fri, Jan 26, 2018 at 5:43 PM, Difegue wrote:

> Hey there,
>
> It's been about 3 months since news of this exploit surfaced (and only
> here, haven't seen it elsewhere, I suppose to keep disclosure to a
> minimum), so ~4 months since valve is aware of it.
>
> Has there been any news about this exploit being fixed with Jungle
> Inferno? We've been running with custom files disabled since the news broke
> and some players are getting pretty upset about the lack of sprays.
>
> On 09/10/2017 11:31, Stealth Mode wrote:
>
> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom
> files with all types of malicious code. From hacks in weapon skins, to
> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the
> custom file.
>
> Might want to disable custom files till valve decides to correct this
> issue.
>
> -StealthMode
>
>


Re: [hlds] Custom files exploit

2018-01-26 Thread Difegue

Hey there,

It's been about 3 months since news of this exploit surfaced (and only 
here, haven't seen it elsewhere, I suppose to keep disclosure to a 
minimum), so ~4 months since valve is aware of it.


Has there been any news about this exploit being fixed with Jungle 
Inferno? We've been running with custom files disabled since the news 
broke and some players are getting pretty upset about the lack of sprays.



On 09/10/2017 11:31, Stealth Mode wrote:
Headsup admins/owners. Might want to disable custom files till valve 
addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject 
custom files with all types of malicious code. From hacks in weapon 
skins, to ransomware in custom .bsp, to remote backdoors in custom 
spray paints.


The exploit is injecting code into any image, sound, or data file. You 
can take weapon skins (csgo), sound files, spray paint image files, 
even .bsp/etc. and inject hack code, or actual ransomware, viruses, or 
Trojans/rootkits directly into a server cache, or client cache via the 
custom file.


Might want to disable custom files till valve decides to correct this 
issue.


-StealthMode




Re: [hlds] Custom files exploit

2017-10-09 Thread Tohru Adachi

(since the reply-to somehow managed to break, I'm re-sending this...)

I'm more concerned that this can be client-induced from what I've read; 
there are too many bad actors out there who are going to abuse this if it 
ever gains traction. Even just a quick mandatory update for all affected 
games would do (especially considering the severe update drought in Team 
Fortress 2 right now...)


On 09/10/2017 10:31, Stealth Mode wrote:
Headsup admins/owners. Might want to disable custom files till valve 
addresses this issue brought to their attention a month ago.
There is an exploit where any client with minor skill can inject 
custom files with all types of malicious code. From hacks in weapon 
skins, to ransomware in custom .bsp, to remote backdoors in custom 
spray paints.


The exploit is injecting code into any image, sound, or data file. You 
can take weapon skins (csgo), sound files, spray paint image files, 
even .bsp/etc. and inject hack code, or actual ransomware, viruses, or 
Trojans/rootkits directly into a server cache, or client cache via the 
custom file.


Might want to disable custom files till valve decides to correct this 
issue.


-StealthMode




Re: [hlds] Custom files exploit

2017-10-09 Thread Jordan Olling
Such a shame for those of us who use benign, fun mods that give us no
advantage other than making it a little more interesting to play. Oh well.

On Mon, Oct 9, 2017 at 2:31 AM, Stealth Mode wrote:

> Headsup admins/owners. Might want to disable custom files till valve
> addresses this issue brought to their attention a month ago.
> There is an exploit where any client with minor skill can inject custom
> files with all types of malicious code. From hacks in weapon skins, to
> ransomware in custom .bsp, to remote backdoors in custom spray paints.
>
> The exploit is injecting code into any image, sound, or data file. You can
> take weapon skins (csgo), sound files, spray paint image files, even
> .bsp/etc. and inject hack code, or actual ransomware, viruses, or
> Trojans/rootkits directly into a server cache, or client cache via the
> custom file.
>
> Might want to disable custom files till valve decides to correct this
> issue.
>
> -StealthMode
>