Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
Staying out of cstrike directory renders startup scripts secure so I've put my users.ini file outside cstrike (users_file "../users.ini") and I've tried to retrieve it. I've also changed my server.cfg to something like jfrfhruehfrhfr.cfg Anyway I have faith that Alfred will fix asap it as I've noticed the new blood that flows in Valve's veins. Emanuel 'Rygars' Harangus Technical Manager, Professional Gamers League Romania - Original Message - From: "Florian Zschocke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 20, 2003 2:13 PM Subject: Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS > [FAW]Terran wrote: > > > I didn't follow the entire thread. But if I can download the adminmod.cfg > > all i have to do is to take a look into it and i will know the location of > > the users.ini file... > > The advisory says that you can only download files from below the > game directory (e.g. cstrike) or the valve directory. From that I > am assuming that a relative path leading out of those would not > work. This is something that had been fixed by Valve in a > different context some time ago. But I haven't tested this myself > yet, so I can't say for sure if you can download files from above > those directory with the method described. > > Florian. > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
[FAW]Terran wrote: I didn't follow the entire thread. But if I can download the adminmod.cfg all i have to do is to take a look into it and i will know the location of the users.ini file... The advisory says that you can only download files from below the game directory (e.g. cstrike) or the valve directory. From that I am assuming that a relative path leading out of those would not work. This is something that had been fixed by Valve in a different context some time ago. But I haven't tested this myself yet, so I can't say for sure if you can download files from above those directory with the method described. Florian. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
-- --On Donnerstag, 20. November 2003 12:57 +0100 Sindre <[EMAIL PROTECTED]> wrote: > sure, but you can't dl the server.cfg if it's a level below the hlds-dir If I understood that correctly you cannot download files directly located e.g. in the cstrike directory that way? If that's true than moving the users.ini to that directory surely would solve that problem. BTW: some (long) time ago all configuration files were located there :-) Than someone had the (good!) idea to introduce the "addon" directory structure... >> I didn't follow the entire thread. But if I can download the adminmod.cfg >> all i have to do is to take a look into it and i will know the location >> of the users.ini file... -- visit www.cs4us.de Public CS: 134.60.100.26:27015 -- [ Content of type application/pgp-signature deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
sure, but you can't dl the server.cfg if it's a level below the hlds-dir - Sindre >I didn't follow the entire thread. But if I can download the adminmod.cfg >all i have to do is to take a look into it and i will know the location of >the users.ini file... > > >-- >visit www.cs4us.de >Public CS: 134.60.100.26:27015 >-- >[ Content of type application/pgp-signature deleted ] >-- > > >___ >To unsubscribe, edit your list preferences, or view the list archives, please visit: >http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
-- --On Donnerstag, 20. November 2003 11:27 +0100 Florian Zschocke <[EMAIL PROTECTED]> wrote: > Emanuel Harangus wrote: >> I could dl addons/adminmod/config/users.ini .. addons/metamod/plugins.ini >> The server.cfg seems to fail as exists in hdd. >> I disabled allowdownload and allowupload until further news about fixing >> the exploit. > > As for Admin Mod: you can move the Admin Mod config files like > users.ini to a directory above the game directory so that a > download will not work anymore. You just have to specify the path > in the adminmod.cfg file accordingly. Example: > > addons/adminmod/config/adminmod.cfg: > users_file ../../adminmod/config/users.ini > > And the tree: > > -- somedir >|-- hlds >| |-- cstrike >| \-- valve >| >\-- adminmod > \-- config > \-- users.ini > > (I hope you use a fixed width font to read your email or you may > not see the tree drawing correctly.) > > Florian. I didn't follow the entire thread. But if I can download the adminmod.cfg all i have to do is to take a look into it and i will know the location of the users.ini file... -- visit www.cs4us.de Public CS: 134.60.100.26:27015 -- [ Content of type application/pgp-signature deleted ] -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
Still when I download /maps/de_survivor.bsp the server will crash... And I think (didn't tested it) that you still might be able to use /../../adminmod/config/users.ini in the exploit to still get the users.ini. For the server.cfg I think you need the non-steam client to download it (again not tested) since steam has a server.cfg in the cache (?) Jesper - Original Message - From: "Emanuel Harangus" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS Date: Thu, 20 Nov 2003 12:51:55 +0200 That's in fact a brilliant idea :) - Original Message - From: "Florian Zschocke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 20, 2003 12:27 PM Subject: Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS > Emanuel Harangus wrote: > > I could dl addons/adminmod/config/users.ini .. addons/metamod/plugins.ini > > The server.cfg seems to fail as exists in hdd. > > I disabled allowdownload and allowupload untill further news about fixing > > the exploit. > > As for Admin Mod: you can move the Admin Mod config files like > users.ini to a directory above the game directory so that a download > will not work anymore. You just have to specify the path in the > adminmod.cfg file accordingly. Example: > > addons/adminmod/config/adminmod.cfg: > users_file ../../adminmod/config/users.ini > > And the tree: > > -- somedir >|-- hlds >| |-- cstrike >| \-- valve >| >\-- adminmod > \-- config > \-- users.ini > > (I hope you use a fixed width font to read your email or you may not > see the tree drawing correctly.) > > Florian. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
That's in fact a brilliant idea :) - Original Message - From: "Florian Zschocke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, November 20, 2003 12:27 PM Subject: Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS > Emanuel Harangus wrote: > > I could dl addons/adminmod/config/users.ini .. addons/metamod/plugins.ini > > The server.cfg seems to fail as exists in hdd. > > I disabled allowdownload and allowupload untill further news about fixing > > the exploit. > > As for Admin Mod: you can move the Admin Mod config files like > users.ini to a directory above the game directory so that a > download will not work anymore. You just have to specify the path > in the adminmod.cfg file accordingly. Example: > > addons/adminmod/config/adminmod.cfg: > users_file ../../adminmod/config/users.ini > > And the tree: > > -- somedir >|-- hlds >| |-- cstrike >| \-- valve >| >\-- adminmod > \-- config > \-- users.ini > > (I hope you use a fixed width font to read your email or you may > not see the tree drawing correctly.) > > Florian. > > > > ___ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
Emanuel Harangus wrote: I could dl addons/adminmod/config/users.ini .. addons/metamod/plugins.ini The server.cfg seems to fail as exists in hdd. I disabled allowdownload and allowupload untill further news about fixing the exploit. As for Admin Mod: you can move the Admin Mod config files like users.ini to a directory above the game directory so that a download will not work anymore. You just have to specify the path in the adminmod.cfg file accordingly. Example: addons/adminmod/config/adminmod.cfg: users_file ../../adminmod/config/users.ini And the tree: -- somedir |-- hlds | |-- cstrike | \-- valve | \-- adminmod \-- config \-- users.ini (I hope you use a fixed width font to read your email or you may not see the tree drawing correctly.) Florian. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
I could dl addons/adminmod/config/users.ini .. addons/metamod/plugins.ini The server.cfg seems to fail as exists in hdd. I disabled allowdownload and allowupload untill further news about fixing the exploit. Emanuel 'Rygars' Harangus Technical Manager, Professional Gamers League Romania ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server information leak and DoS
I surely couldn't download server.cfg file. I tried to remove them from my
client and download server.cfg again and it failed.
Emanuel 'Rygars' Harangus
Technical Manager,
Professional Gamers League Romania
- Original Message -
From: "Alastair Grant" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 20, 2003 1:30 AM
Subject: Re: [hlds_linux] [Full-Disclosure] Half Life dedicated server
information leak and DoS
> You can't seem to download the server.cfg file. I've tried it on my
> servers and it won't work.
>
> Also it won't download anything below your mod directory, which is good
> news. I tried downloading hlds_run and /etc/passwd both failed.
>
> Although you can download other files. Please could somebody confirm
> downloading of the server.cfg doesn't work.
>
> I'm currently got the rcon password in the command line run for the
> server so it's not written down. This of course is not an option if you
> are on a shared box; as people can see the password in the process
listing.
>
> Simon Street wrote:
> > And fwed here.
> >
> > Ignore if you don't care etc etc...
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Russell
> > Sent: 19 November 2003 20:41
> > To: [EMAIL PROTECTED]
> > Subject: [hlds] [CRITICAL] Fw: [Full-Disclosure] Half Life dedicated
server
> > information leak and DoS
> >
> >
> > Forwarded to [EMAIL PROTECTED] as i feel it has some relevance
and
> > you server admins need to protect yourselves.
> >
> > Tested and confirmed (for files other than server.cfg) on TFC.
> >
> > I believe in full disclosure.
> >
> > - Original Message -
> > From: "3APA3A" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, November 19, 2003 4:07 PM
> > Subject: [Full-Disclosure] Half Life dedicated server information leak
and
> > DoS
> >
> >
> >
> >>
> >>Probably is known, but is not documented:
> >>
> >>Vendor: Valve software
> >>Software: hlds, all versions (including steam).
> >>Problem: Information leak, DoS
> >>Author: SYZo[SND]
> >>
> >>Problem:
> >>
> >>in server configuration, if allowdownload = 1, it's possible to
> >>download any file from directory of the current game (cstrike was
> >>tested) or from 'valve' directory from server. Allowdownload is
> >>required to allow clients to retrieve new maps from server.
> >>
> >>Impact:
> >>
> >>It's possible to download configuration files (like server.cfg,
> >>configuration files for different mods, etc) with sensitive
> >>information, including passwords. Additionally, downloading large
> >>file (for example
> >>map) causes server to crash.
> >>
> >>"Exploit":
> >>
> >> cmd dlfile server.cfg
> >> cmd dlfile addons/amx/users.ini
> >> cmd dlfile addons/amx/mysql.cfg
> >> cmd dlfile maps/de_torn.bsp
> >>
> >>Workaround:
> >>
> >> disable downloads.
> >>
> >>--
> >>http://www.security.nnov.ru
> >> /\_/\
> >>{ , . } |\
> >>+--oQQo->{ ^ }<-+ \
> >>| ZARAZA U 3APA3A } You know my name - look up my number (The
> >
> > Beatles)
> >
> >>+-o66o--+ /
> >>|/
> >>
> >>___
> >>Full-Disclosure - We believe in it.
> >>Charter: http://lists.netsys.com/full-disclosure-charter.html
> >>
> >
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
> > please visit: http://list.valvesoftware.com/mailman/listinfo/hlds
> >
> >
> > ___
> > To unsubscribe, edit your list preferences, or view the list archives,
please visit:
> > http://list.valvesoftware.com/mailman/listinfo/hlds_linux
> >
> >
>
> --
> Wireplay Official
> http://www.wireplay.co.uk/
>
> ___
> To unsubscribe, edit your list preferences, or view the list archives,
please visit:
> http://list.valvesoftware.com/mailman/listinfo/hlds_linux
___
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
