Bugtraq mailing list archives
[VSA0305] HLTV remote DoS
From: "VOID.AT Security" <crew () void at>
Date: Fri, 10 Jan 2003 18:50:37 +0100
[void.at Security Advisory VSA0305] HLTV offers the ability to have thousands of spectators watch online games on Half-Life-servers. Overview ======== By sending a specially crafted packet to the hltv-server, an attacker can cause the server to crash. Affected Versions ================= The one that comes with hlds 3.1.1.0; possibly others. Impact ====== Medium. The remote server simply crashes. Details ======= Packets querying things like player-status etc always start with \xff\xff\xff\xff, followed by a query command and terminated by a \0. When you simply send \xff\xff\xff\xff\0 to the server, it crashes. Solution ======== Vendor patch needed! Exploit ======= Come on :-) Discovered by ============= greuff <greuff () void at> Credits ======= void.at everyone who was at 19c3
Attachment:
_bin
Description:
Current thread:
- [VSA0305] HLTV remote DoS VOID.AT Security (Jan 10)