Bugtraq mailing list archives
Re: Half Life dedicated server Patch
From: Thiago Zaninotti <condor () SEKURE ORG>
Date: Sun, 29 Oct 2000 16:30:28 -0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Just for your information, I've tested the patched version of HLDS and it doesn't seem to be vulnerable to the format string error found in rcon command.

Bad Rcon from 127.0.0.1:2020: rcon %p%p%p%p

- -condor

Thiago Zaninotti
PK available through mail.
Tamandua Sekure Labs - Brazil
http://tamandua.sekure.org
mailto:labs () sekure org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5/Gxsf/woA9GCB6cRApBRAKDKyI+L9usDnRcySDnXXZhNedpZ1wCg29Rg
v90No5CPgrR2pr7ZsLrsASI=
=7X+a
-----END PGP SIGNATURE-----

Someone pointed me to an announcement of a new Half Life patch which should be released next week and should fix the vulnerability described at http://www.securityfocus.com/bid/1799

New features and fixes include:
- Linux security issue resolved. <---------------------

The patch was released earlier today. The linuxreadme.txt file included in the release noted this as the only security related change:

- Rcon buffer overflow fixed.

It does not make any mention of the format string bug as mentioned in 'Tamandua Sekure Labs Security Advisory 2000-01'