Dear VOID.AT Security,
This bug is not related to adminmod, but is rather the bug in Half Life
itself. At least absolutely same problem is in amx plugin. amx_psay
%s%s%s%s causes same trouble.
So this is a bug in HalfLife client and may be exploited by malicious
server operator (including remote one with permissions to execute any
csay/psay command, rcon access is not actually required, it's possible
to bind malicious amx_psay command to some key). Since Half Life
protocol is not secure it's very likely this bug potentially may be
exploited by any remote attacker while client is playing.
--Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq@securityfocus.com:
VAS> Note, the attacker needs to know the rcon-password.
VAS> However, it is easy to sniff since it is being transmitted
VAS> in plaintext.
<skipped>
VAS> blackboxed the admin_ssay and admin_psay commands.
-- ~/ZARAZA Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен)
This archive was generated by hypermail 2.1.3 : Sat Jan 11 2003 - 21:57:34 CET