exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

half-life.txt

half-life.txt
Posted Oct 19, 2000
Authored by Mark Cooper

The Half-Life Dedicated Server for Linux v3.1.0.3 and below contains a remotely exploitable buffer overflow. Exploit code available here.

tags | exploit, overflow
systems | linux
SHA-256 | 321410a4245baf94d24899baac40728a163cf83df38b90575b4aac920f73f359

half-life.txt

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Vulnerability Report by Mark Cooper


Date Published: 16th October 2000

Advisory ID: N/A

Bugtraq ID: 1799

http://www.securityfocus.com/bid/1799

CVE CAN: N/A

Title: Half-Life Dedicated Server Vulnerability

Class: Buffer Overflow

Remotely Exploitable: Yes

Locally Exploitable: Yes

Release Mode: FORCED RELEASE

This vulnerability is actively being exploited in the wild.

Vulnerable Packages/Systems:

Half-Life Dedicated Server for Linux 3.1.0.3 & Previous

Vulnerability Description:

A buffer overflow vulnerability was discovered in a Half-Life
dedicated server
during a routine security audit. A user shell was found running on
the ingreslock
port of the server which lead to an investigation into how this had
been achieved.
- From the logs left on the server, it was ascertained that a
predefined exploit
script was used and that the perpetrator failed to further compromise
the server
due to the Half-Life software running as a non-priveledged user.

The vulnerability appears to exist in the changelevel rcon command
and does not
require a valid rcon password. The overflow appears to exist after
the logging
function as the following was found in the last entries of the
daemon's logs:-

# tail server.log.crash | strings
L 08/23/2000 - 23:28:59: "[CiC]Foxdie<266>" say "how so?"
Bad Rcon from x.x.x.x:4818:
rcon werd changelevel
bin@
sh!@
Privet ADMcrew\
rcon werd changelevel

The actual raw exploit code is logged, along with what appears to be
the script
authors, ADM ( http://adm.freelsd.net/ADM/ ). If they could shed some
light on
this?

Solution/Vendor Information/Workaround:

Valve Software promised a patch which has yet to appear. Interim
measures would
include:-

A) Consider not running the HalfLife software at all!
B) Remove the world execute bit from inetd to 'break' the exploit
code - this
would only stop the script kiddies
C) Ensure sane ipfwadm/ipchains filters are inplace


Vendor notified on: 14th September 2000

Credits:


Credit for the vulnerability discovery presumably lies with ADM. :)
The forensic
work which discovered this problem was performed by Mark Cooper.

This advisory was drafted with the help of the SecurityFocus.com
Vulnerability
Help Team. For more information or assistance drafting advisories
please mail
vulnhelp@securityfocus.com.

Exploit/Concept Code:

Try http://adm.freelsd.net/ADM/ ?

Referance:
http://www.valvesoftware.com

DISCLAIMER:
No responsibility whatsoever is taken for any correct/incorrect use
of this
information. This is for informational purposes only.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQEVAwUBOes6XV15pZzZvm7VAQEJdQf+JH07d2Of2fyZj5GAwH4Hyw43kBHysnqn
9K6faf1tON7RqkJXxvbTRbokEHv4lE4um1mUnYcWsDSv58xfgCJ8Fctq9aK1iTUA
qd3Hm/jcDe+uQrPhjTM+jKg1c2xa7XXltXO2bcYBO29EjXJmp6bF2kr6M/c8z0vr
/s9CpbUZ4cmG71hi/eM+VvhBPndeqE1iqfHaD6esrvnKWuXEvGO1XIn8SMwZXs4p
HKTExgAd88M1OoMwtKCk0J7xFSU7W5r/f/QvkDb2gmn9vpOuOIZlBltTTpxriXQG
xh3jIL/Ku6SIBVWx34WrgsoZe1Rj8BrPWFdBWz5taRDggKAmScrtrw==
=aUch
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    11 Files
  • 8
    Dec 8th
    45 Files
  • 9
    Dec 9th
    9 Files
  • 10
    Dec 10th
    6 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close