[VSA0305] HLTV remote DoS

From: VOID.AT Security (crewat_private)
Date: Fri Jan 10 2003 - 09:50:37 PST


    [void.at Security Advisory VSA0305]
    
    HLTV offers the ability to have thousands of spectators watch
    online games on Half-Life-servers.
    
    Overview
    ========
    
    By sending a specially crafted packet to the hltv-server,
    an attacker can cause the server to crash.
    
    Affected Versions
    =================
    
    The one that comes with hlds 3.1.1.0; possibly others.
    
    Impact
    ======
    
    Medium. The remote server simply crashes.
    
    Details
    =======
    
    Packets querying things like player status etc. always start
    with \xff\xff\xff\xff, followed by a query command, and are
    terminated by a \0.
    
    When you simply send \xff\xff\xff\xff\0 to the server, it crashes.
    
    Solution
    ========
    
    Vendor patch needed!
    
    Exploit
    =======
    
    Come on :-)
    
    Discovered by
    =============
    
    greuff <greuffat_private>
    
    Credits
    =======
    
    void.at
    everyone who was at 19c3
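
Added example, not part of the original advisory and not HLTV code: a C check a server could apply to the packet framing described under Details before dispatching a query command, rejecting the empty-command packet. The names `oob_validate`, `oob_result` and the `OOB_MAX_CMD` limit are assumptions; the advisory does not show the vendor's parser.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical names and limit: the advisory does not show HLTV's own parser. */
#define OOB_MAX_CMD 255

enum oob_result { OOB_OK = 0, OOB_NOT_OOB, OOB_UNTERMINATED,
                  OOB_EMPTY_CMD, OOB_TOO_LONG };

static const unsigned char OOB_PREFIX[4] = { 0xff, 0xff, 0xff, 0xff };

/*
 * Validate a received datagram against the framing in the advisory:
 * \xff\xff\xff\xff, a query command, a terminating \0.
 * On OOB_OK, *cmd points at the NUL-terminated command inside buf
 * and *cmd_len holds its length; otherwise both are left untouched.
 */
enum oob_result oob_validate(const unsigned char *buf, size_t len,
                             const char **cmd, size_t *cmd_len)
{
    const unsigned char *body, *nul;
    size_t body_len;

    if (buf == NULL || len < sizeof OOB_PREFIX ||
        memcmp(buf, OOB_PREFIX, sizeof OOB_PREFIX) != 0)
        return OOB_NOT_OOB;

    body = buf + sizeof OOB_PREFIX;
    body_len = len - sizeof OOB_PREFIX;

    /* Search only the bytes actually received; no strlen() on wire data. */
    nul = body_len ? memchr(body, 0, body_len) : NULL;
    if (nul == NULL)
        return OOB_UNTERMINATED;

    if (nul == body)
        return OOB_EMPTY_CMD;   /* the \xff\xff\xff\xff\0 packet from Details */

    if ((size_t)(nul - body) > OOB_MAX_CMD)
        return OOB_TOO_LONG;

    *cmd = (const char *)body;
    *cmd_len = (size_t)(nul - body);
    return OOB_OK;
}
```

Only packets returning `OOB_OK` should reach the command dispatcher; every other result can be dropped and counted for monitoring.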
    
    
    
    


