Adam Grzesko randomly typed the following on 04/06/2006 03:39 PM:
Hi,
We've found a serious security issue affecting CSS servers.
There is a plugin for CSS that allows to expose SHELL system command.
Of of the examples is !!! compiling helloworld.cpp program and
executing it. Another example might be listing directories, wget-ing
trojans and exposing the whole machine to the world.
This is totally unacceptable. VALVE please FIX this ASAP as this
serious security issue may bring down all machines running CSS
servers.
These are the links:
This is not for Valve to fix!!!!
Valve provide the mechanism for such plugins to be installed and, it is
upto the end user/administrator to decide how it is used and what is
installed.
As someone else has said, if you don't want this on your server don't
download and install it. If you are worried that something like this
exists in another plugin then only install from source code that you
have checked and compiled yourself.
Matt.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
