Valve Software Half-Life Dedicated Server Vulnerability

Bugtraq ID:	1799
Class:	Boundary Condition Error
CVE:	CVE-2000-0968 CVE-2000-0969
Remote:	Yes
Local:	Yes
Published:	Oct 16 2000 12:00AM
Updated:	Mar 19 2015 09:05AM
Credit:	Credit for the vulnerability discovery presumably lies with ADM.The forensic work which discovered this problem was performed by Mark Cooper. Patrick Oonk <[email protected]> posted information regarding the fix status to Bugtraq. This advisory was drafted
Vulnerable:	Valve Software Half-Life Dedicated Server 3.1 - Caldera OpenLinux 2.4 - Conectiva Linux 5.1 - Debian Linux 2.3 - S.u.S.E. Linux 7.0 - Slackware Linux 7.1
Not Vulnerable:

Valve Software Half-Life Dedicated Server Vulnerability

The Half-Life server is a game server written to act as a centralized server for players of the Half-Life multi-player online video game. Certain versions of this server software for Linux ship with a remotely exploitable buffer overflow in the changelevel rcon command and does not require a valid rcon password. The overflow appears to exist after the logging function.

Valve Software Half-Life Dedicated Server Vulnerability

This problem is actively being exploited in the the wild although SecurityFocus.com does not have a copy of the exploit.

Valve Software Half-Life Dedicated Server Vulnerability

Solution:
Valve Software has released a fix for this vulnerability.


Valve Software Half-Life Dedicated Server 3.1

• Valve Software Half-Life Server 3.0.1.4
  http://linuxgameserver.com/appindex/appindex.phtml?target=file&id=5

Valve Software Half-Life Dedicated Server Vulnerability

References:

• Valve Software Homepage (Valve Software)