This bug is not related to adminmod, but is rather the bug in Half Life
itself. At least absolutely same problem is in amx plugin. amx_psay
%s%s%s%s causes same trouble.
So this is a bug in HalfLife client and may be exploited by malicious
server operator (including remote one with permissions to execute any
csay/psay command, rcon access is not actually required, it's possible
to bind malicious amx_psay command to some key). Since Half Life
protocol is not secure it's very likely this bug potentially may be
exploited by any remote attacker while client is playing.
--Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
VAS> Note, the attacker needs to know the rcon-password.
VAS> However, it is easy to sniff since it is being transmitted
VAS> in plaintext.
<skipped>
VAS> blackboxed the admin_ssay and admin_psay commands.
This bug is not related to adminmod, but is rather the bug in Half Life
itself. At least absolutely same problem is in amx plugin. amx_psay
%s%s%s%s causes same trouble.
So this is a bug in HalfLife client and may be exploited by malicious
server operator (including remote one with permissions to execute any
csay/psay command, rcon access is not actually required, it's possible
to bind malicious amx_psay command to some key). Since Half Life
protocol is not secure it's very likely this bug potentially may be
exploited by any remote attacker while client is playing.
--Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq (at) securityfocus (dot) com [email concealed]:
VAS> Note, the attacker needs to know the rcon-password.
VAS> However, it is easy to sniff since it is being transmitted
VAS> in plaintext.
<skipped>
VAS> blackboxed the admin_ssay and admin_psay commands.
--
~/ZARAZA
Åñëè äàæå âû ïîëó÷èòå êàêîå-íèáóäü ïèñüìî, âû âñå ðàâíî íå ñóìååòå åãî ïðî÷èòàòü. (Òâåí)
[ reply ]