Bugtraq mailing list archives
Re: Half Life dedicated server Patch
From: Shaun Meckler <shaun () TRUCKMASTER COM>
Date: Fri, 27 Oct 2000 14:57:56 -0600
Nathan Woodcock wrote:
- Rcon buffer overflow fixed. It does not make any mention of the format stringbug as mentioned in'Tamandua Sekure Labs Security Advisory 2000-01'Leon Hartwig, the coder of the linux half-life patch port, has confirmed in email on the hlds_linux mailing list that this exploit was most definately fixed.
Not what I would consider 'most definately fixed', but their word is they were unable to substantiate the claims of the advisory. Other sources questioned the integrity of the advisory, as it did not even have the correct version numbers posted on it. Btw, the original advisory is located at: http://www.securityfocus.com/archive/1/141060 -------- Original Message -------- Subject: RE: Security Fixed by new patch? Date: Fri, 27 Oct 2000 08:13:59 -0400 From: Leon Hartwig <hartwig () valvesoftware com> Reply-To: hlds_linux () valvesoftware com To: hlds_linux () valvesoftware com Well, the crash I was talking about applied to a format string problem elsewhere (when a player first connected to the server), not to rcon. However, I have tried to reproduce the rcon format string bug that is mentioned in the security advisory and I have not been able to do so. I have also combed through the related code and have found no problems. Has anyone actually encountered this alleged bug on their server?
Current thread:
- Re: Half Life dedicated server Patch Nathan Woodcock (Oct 28)
- Re: Half Life dedicated server Patch Shaun Meckler (Oct 30)
- <Possible follow-ups>
- Re: Half Life dedicated server Patch Shaun Meckler (Oct 30)
- Re: Half Life dedicated server Patch Thiago Zaninotti (Oct 30)