VOID.AT Security
10/01/03, 19:46
--------------enig75CC15BEE7EC91F872E22807
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
[void.at Security Advisory VSA0305]
HLTV offers the ability to have thousands of spectators watch
online games on Half-Life-servers.
Overview
========
By sending a specially crafted packet to the hltv-server,
an attacker can cause the server to crash.
Affected Versions
=================
The one that comes with hlds 3.1.1.0; possibly others.
Impact
======
Medium. The remote server simply crashes.
Details
=======
Packets querying things like player-status etc always start
with \xff\xff\xff\xff, followed by a query command and terminated
by a \0.
When you simply send \xff\xff\xff\xff\0 to the server, it crashes.
Solution
========
Vendor patch needed!
Exploit
=======
Come on :-)
Discovered by
=============
greuff <greuff@void.at>
Credits
=======
void.at
everyone who was at 19c3
--------------enig75CC15BEE7EC91F872E22807
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+Hwftzxi8qAgTjUMRAhzOAJ0fqNJQozxC4D+zLcHZlF oeWBvejACfXQWo
4ajOCoouqK+oc05TpPrnvz0=
=kWZm
-----END PGP SIGNATURE-----
--------------enig75CC15BEE7EC91F872E22807--
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
[void.at Security Advisory VSA0305]
HLTV offers the ability to have thousands of spectators watch
online games on Half-Life-servers.
Overview
========
By sending a specially crafted packet to the hltv-server,
an attacker can cause the server to crash.
Affected Versions
=================
The one that comes with hlds 3.1.1.0; possibly others.
Impact
======
Medium. The remote server simply crashes.
Details
=======
Packets querying things like player-status etc always start
with \xff\xff\xff\xff, followed by a query command and terminated
by a \0.
When you simply send \xff\xff\xff\xff\0 to the server, it crashes.
Solution
========
Vendor patch needed!
Exploit
=======
Come on :-)
Discovered by
=============
greuff <greuff@void.at>
Credits
=======
void.at
everyone who was at 19c3
--------------enig75CC15BEE7EC91F872E22807
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+Hwftzxi8qAgTjUMRAhzOAJ0fqNJQozxC4D+zLcHZlF oeWBvejACfXQWo
4ajOCoouqK+oc05TpPrnvz0=
=kWZm
-----END PGP SIGNATURE-----
--------------enig75CC15BEE7EC91F872E22807--