Halflife Linux Server rcon Vulnerabilities
BID:1847
Info
| Bugtraq ID: | 1847 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 24 2000 12:00AM |
| Updated: | Oct 24 2000 12:00AM |
| Credit: | This vulnerability was first publicly posted by Thiago Zaninotti <[email protected]> on October 24, 2000. |
| Vulnerable: | Valvesoftware Half-Life Dedicated Server 3.1.3 |
| Not Vulnerable: | |
Discussion
Halflife Dedicated Linux Server is a software package used to host Halflife games for network gaming. A vulnerability discovered in this package allows a user to remotely gain access to the host running the software.
The first problem occurs through a machine connected to the Halflife server. The rcon command of the Halflife Linux Dedicated Server calls a function which contains an unchecked buffer. In this scenario, a malicious user can bring up the game command console to execute commands, similar to that of an IRC server console, and send an rcon command to the server with enough data to overwrite the return address, causing the server to crash.
The second problem consists of a format string vulnerability. A function within rcon does not validate the input to the rcon command buffer, which is passed to the sprintf() function. Therefore, it is possible for a malicious user to pass a specially formatted string via the rcon command that may result in remote code execution.
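The two bug classes described above and their fix, as an added example that is not code from the Half-Life server or from the advisory. The function names and the 64-byte buffer size are assumptions made for illustration; the commented "vulnerable" lines show only the generic shape of each bug class.

```c
#include <stdio.h>
#include <string.h>

#define RCON_BUF 64   /* assumed size; the advisory gives no buffer size */

/* Generic shape of the two bug classes (comments only, not the server's code):
 *     char buf[RCON_BUF];
 *     strcpy(buf, cmd);      // unchecked copy: a long cmd overruns buf
 *     sprintf(buf, cmd);     // cmd itself is used as the format string
 */

/* Hardened form (hypothetical helper): remote data is only ever an argument
 * to a constant format, and the write is bounded by the destination size.
 * Returns 0 on success, -1 if an argument is invalid or cmd would not fit. */
int rcon_store_command(char *dst, size_t dst_len, const char *cmd)
{
    int n;

    if (dst == NULL || dst_len == 0 || cmd == NULL)
        return -1;
    n = snprintf(dst, dst_len, "%s", cmd);
    if (n < 0 || (size_t)n >= dst_len) {
        dst[0] = '\0';          /* reject rather than silently truncate */
        return -1;
    }
    return 0;
}

/* Demo helper: 1 if the stored text equals the input byte for byte. */
int rcon_roundtrip_ok(const char *cmd)
{
    char buf[RCON_BUF];
    return rcon_store_command(buf, sizeof buf, cmd) == 0 && strcmp(buf, cmd) == 0;
}

int main(void)
{
    char big[RCON_BUF * 4];     /* constructed oversized input */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    printf("plain command kept:      %d\n", rcon_roundtrip_ok("status"));
    printf("format chars kept as-is: %d\n", rcon_roundtrip_ok("say %x %s %n"));
    printf("oversized rejected:      %d\n", !rcon_roundtrip_ok(big));
    return 0;
}
```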
Exploit / POC
Solution / Fix
Valvesoftware Half-Life Dedicated Server 3.1.3
- Valve Software Half-life 1.1.0.4 Server
http://www.fileplanet.com/index.asp?file=51283