On Apr 6, 2006, at 6:39 AM, Adam Grzesko wrote:
Hi, We've found a serious security issue affecting CSS servers. There is a plugin for CSS that allows to expose SHELL system command. Of of the examples is !!! compiling helloworld.cpp program and executing it. Another example might be listing directories, wget-ing trojans and exposing the whole machine to the world.
Uh, folks? Is there something other than a mod here that I am seeing? How is this a breach in security any different from telling inetd to rm - rf / everytime they hit the tcp echo port? It is not valve's fault that you install this. Please use your head when accusing others. -- Erik Hollensbe [EMAIL PROTECTED] _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
