Half-Life 1.1.0.8 Security Leak!

Security Focus has posted a security alert claiming that a security leak in the recent 1.1.0.8 Half-Life patch might allow servers to exploit clients. Here's an excerpt from their article:

By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily take advantage of this and exploit clients automatically as they connected to the server. An example of this would be Admin-Mod, a popular remote administration plugin for many Half-Life mods like Counter-Strike, Team Fortress Classic, Day of Defeat, and Firearms. Admin-Mod has a command named admin_execclient which allows admins to force users to execute commands, including "connect."

Valve Software was contacted on September 18, 2001 and informed me it will be fixed in the next patch (presumably v1.1.0.9). They did not believe it to be a serious threat.

Securityfocus.org