Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-14 Thread ruwen
[ 13.07.2004  04:45  ] Dominic wrote:

>I'll try to put a "clean" version of this fix out tomorrow (CEST), but it
>would be nice if someone who followed the 3.1.1.x stream more closely
>could tell me what versions of hlds_l include fixes against what
>vulnerabilities (some 3.1.1.1x fix the buffer-overflow, ...), as I stayed
>away from the topic for too long.

Maybe this helps you: http://mirror.ruwen.org/hlserver_readme.txt

>
>Kind regards,
>
>Dominic

A working fix for 3.1.1.1 would be great :)

greetings ruwen



___
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux


Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread m0gely
Kingsley Foreman wrote:
> why would they???
> would u work on a project that will be made obsolete in less than 1 month

Dude, it was a joke.  har har, yuk yuk, ho ho ho...
--
- m0gely
http://quake2.telestream.com/
Q2 | Q3A | Counter-strike


Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread Kingsley Foreman
why would they???

would u work on a project that will be made obsolete in less than 1 month


- Original Message -
From: "m0gely" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 13, 2004 6:34 PM
Subject: Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life
servers and clients (versions before the 07 July 2004) (fwd)


> Alfred Reynolds wrote:
> > Any HLDS server binary before the Steam release on July 7, 2004 is
> > vulnerable to this crash bug. As WON will be shut down within the month
> > you should convert to Steam if you believe you are at risk.
> >
> > - Alfred
>
> Does this mean you're not going to fix the spray bug for 1.5?
>
> --
> - m0gely
> http://quake2.telestream.com/
> Q2 | Q3A | Counter-strike
>




Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread m0gely
Alfred Reynolds wrote:
> Any HLDS server binary before the Steam release on July 7, 2004 is
> vulnerable to this crash bug. As WON will be shut down within the month
> you should convert to Steam if you believe you are at risk.
>
> - Alfred

Does this mean you're not going to fix the spray bug for 1.5?
--
- m0gely
http://quake2.telestream.com/
Q2 | Q3A | Counter-strike


Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread Matt Judge
Dominic wrote:
> Hello everyone,
>
> I've put together a quick fix against that vulnerability.
> This fix is for hlds_linux 3.1.1.0c _ONLY_, I haven't even thought about
> the implications it might have with 3.1.1.1x versions.
>
> It works for me (e.g. doesn't crash on load), allows me to play, and
> prevents the poc by Luigi Auriemma from crashing the server.
> Let me know what it does for you - it should work, but it is really a
> _quick_ fix - I got aware of the problem 4 hours ago, and I desperately
> need to catch some sleep... use it at your OWN RISK.
>
> I use the dlfile-addon code by ScottL, so thanks a lot to him!
> See the readme for additional information, especially about installation.
>
> http://mmd.ath.cx/hlds_l_multifix.tar.gz
>
> Even though the archive is small, it would be great if someone with a real
> server could put it there.

http://www.axia.org.uk/downloads/Fixes/hlds_l_multifix.tar.gz

Here is a mirror for you,

Matt.


RE: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread Alfred Reynolds
Any HLDS server binary before the Steam release on July 7, 2004 is
vulnerable to this crash bug. As WON will be shut down within the month
you should convert to Steam if you believe you are at risk.

- Alfred

Original Message
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of m0gely
Sent: Tuesday, July 13, 2004 1:32 AM
To: [EMAIL PROTECTED]
Subject: Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life
servers and clients (versions before the 07 July 2004) (fwd)

> Dominic wrote:
> > The latest non-Steam patch is stopped at the 1.1.1.0 (affected by
> > other worst bugs) and is no longer supported.
>
> So he doesn't know about 3/4.1.1.1x?  Are they affected then?



Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-13 Thread m0gely
Dominic wrote:
> The latest non-Steam patch is stopped at the 1.1.1.0 (affected by other
> worst bugs) and is no longer supported.

So he doesn't know about 3/4.1.1.1x?  Are they affected then?
--
- m0gely
http://quake2.telestream.com/
Q2 | Q3A | Counter-strike


Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-12 Thread Dominic
Hello everyone,

I've put together a quick fix against that vulnerability.
This fix is for hlds_linux 3.1.1.0c _ONLY_, I haven't even thought about
the implications it might have with 3.1.1.1x versions.

It works for me (e.g. doesn't crash on load), allows me to play, and
prevents the poc by Luigi Auriemma from crashing the server.
Let me know what it does for you - it should work, but it is really a
_quick_ fix - I got aware of the problem 4 hours ago, and I desperately
need to catch some sleep... use it at your OWN RISK.

I use the dlfile-addon code by ScottL, so thanks a lot to him!
See the readme for additional information, especially about installation.

http://mmd.ath.cx/hlds_l_multifix.tar.gz

Even though the archive is small, it would be great if someone with a real
server could put it there.

I'll try to put a "clean" version of this fix out tomorrow (CEST), but it
would be nice if someone who followed the 3.1.1.x stream more closely
could tell me what versions of hlds_l include fixes against what
vulnerabilities (some 3.1.1.1x fix the buffer-overflow, ...), as I stayed
away from the topic for too long.

Kind regards,

Dominic


On Tue, 13 Jul 2004, Dominic wrote:

> This has just been posted to several security related mailing-lists, and I
> thought it might be of interest to this list.
>
> The steam changelog mentions the fix:
>
> ENGINE:
> Addressed split packet issue (found by Luigi Auriemma)
> ...
>
> Maybe a "heads-up" to the remaining cs 1.5 servers would have been nice,
> too...
>
> Kind regards,
>
> Dominic
>
> -- Forwarded message --
> Date: Mon, 12 Jul 2004 18:54:00 +
> From: Luigi Auriemma <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
>  [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Remote crash of Half-Life servers and clients
> (versions before the 07 July 2004)
>
>
> ###
>
>  Luigi Auriemma
>
> Application:  Half-Life engine
>               http://half-life.sierra.com
>               http://www.steampowered.com
> Versions:     before the 07 July 2004 (both Steam and not-Steam)
> Platforms:    Windows and Linux
> Bug:          writing on a read-only memory zone causing crash
> Risk:         high
> Exploitation: remote, versus server and client
> Date:         12 July 2004
> Bug found by: Terry Henning (aka Soul Beaver)
> Advisory:     Luigi Auriemma
>               e-mail: [EMAIL PROTECTED]
>               web:    http://aluigi.altervista.org
>
>
> ###
>
>
> 1) Introduction
> 2) Bug
> 3) The Code
> 4) Fix
>
>
> ###
>
> ===
> 1) Introduction
> ===
>
>
> Half-Life is the most famous FPS game existent, no doubts.
> It has been developed by Valve (http://www.valvesoftware.com) and has
> been released in the far 1998, but also after all this time it
> continues to be the most played game with its MODs like Counter-Strike,
> Natural selection, Sven-coop and many others.
> Every day there are about 37.000 servers online!
>
> As already specified in the header of this advisory I want to underline
> that this bug has been found by Terry Henning.
>
>
> ###
>
> ==
> 2) Bug
> ==
>
>
> The problem is a crash of the game (both servers and clients are
> vulnerable) caused by a malformed packet.
> Each Half-Life packet is composed by the first 8 bytes used to track
> packets and to reassemble split data, just this second feature is
> the cause of the crash because the game doesn't correctly manage the
> empty split packets (so composed by the first 8 bytes only).
> The crash is the effect of the copying of data to a read-only part of
> memory (.reloc of swds.dll).
>
> An example of malicious packet is the following:
>
>   "\xFE\xFF\xFF\xFF\x00\x00\x00\x00"
>
> Naturally spoofing is possible.
>
>
> ###
>
> ===
> 3) The Code
> ===
>
>
> http://aluigi.altervista.org/poc/hlboom.zip
>
>
> ###
>
> ==
> 4) Fix
> ==
>
>
> If you use Steam you are already patched by some days.
>
> To note that Half-Life is now supported ONLY via Steam, the half hated
> or loved content management system of Valve.
> The latest non-Steam patch is stopped at the 1.1.1.0 (affected by other
> worst bugs) and is no longer supported.
>
>
> ###
>
>
> ---
> Luigi Auriemma
> http://aluigi.altervista.org
>
> ___
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Re: [hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-12 Thread Arie M
My 'auto-updating' server was vulnerable.
Now manually updating.
Thanks for the heads up


[hlds_linux] [Full-Disclosure] Remote crash of Half-Life servers and clients (versions before the 07 July 2004) (fwd)

2004-07-12 Thread Dominic
This has just been posted to several security related mailing-lists, and I
thought it might be of interest to this list.

The steam changelog mentions the fix:

ENGINE:
Addressed split packet issue (found by Luigi Auriemma)
...

Maybe a "heads-up" to the remaining cs 1.5 servers would have been nice,
too...

Kind regards,

Dominic

-- Forwarded message --
Date: Mon, 12 Jul 2004 18:54:00 +
From: Luigi Auriemma <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED],
 [EMAIL PROTECTED]
Subject: [Full-Disclosure] Remote crash of Half-Life servers and clients
(versions before the 07 July 2004)


###

 Luigi Auriemma

Application:  Half-Life engine
              http://half-life.sierra.com
              http://www.steampowered.com
Versions:     before the 07 July 2004 (both Steam and not-Steam)
Platforms:    Windows and Linux
Bug:          writing on a read-only memory zone causing crash
Risk:         high
Exploitation: remote, versus server and client
Date:         12 July 2004
Bug found by: Terry Henning (aka Soul Beaver)
Advisory:     Luigi Auriemma
              e-mail: [EMAIL PROTECTED]
              web:    http://aluigi.altervista.org


###


1) Introduction
2) Bug
3) The Code
4) Fix


###

===
1) Introduction
===


Half-Life is the most famous FPS game existent, no doubts.
It has been developed by Valve (http://www.valvesoftware.com) and has
been released in the far 1998, but also after all this time it
continues to be the most played game with its MODs like Counter-Strike,
Natural selection, Sven-coop and many others.
Every day there are about 37.000 servers online!

As already specified in the header of this advisory I want to underline
that this bug has been found by Terry Henning.


###

==
2) Bug
==


The problem is a crash of the game (both servers and clients are
vulnerable) caused by a malformed packet.
Each Half-Life packet is composed by the first 8 bytes used to track
packets and to reassemble split data, just this second feature is
the cause of the crash because the game doesn't correctly manage the
empty split packets (so composed by the first 8 bytes only).
The crash is the effect of the copying of data to a read-only part of
memory (.reloc of swds.dll).

An example of malicious packet is the following:

  "\xFE\xFF\xFF\xFF\x00\x00\x00\x00"

Naturally spoofing is possible.


###

===
3) The Code
===


http://aluigi.altervista.org/poc/hlboom.zip


###

==
4) Fix
==


If you use Steam you are already patched by some days.

To note that Half-Life is now supported ONLY via Steam, the half hated
or loved content management system of Valve.
The latest non-Steam patch is stopped at the 1.1.1.0 (affected by other
worst bugs) and is no longer supported.


###


---
Luigi Auriemma
http://aluigi.altervista.org

___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
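
Added example (not part of the original thread, and neither Valve's fix nor Dominic's multifix): a C sketch of the length check the advisory's bug description implies, rejecting a split datagram that consists of the 8 header bytes only before any reassembly copy takes place. Treating FE FF FF FF as the split marker, the buffer size, and the names classify_datagram and reasm_append are assumptions; the page does not document the other four header bytes, so fragments are simply appended in arrival order.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SPLIT_HDR_LEN 8u          /* advisory: the first 8 bytes carry tracking/reassembly data */
#define SPLIT_MARKER  0xFFFFFFFEu /* assumption: bytes FE FF FF FF of the sample, little-endian */
#define REASM_MAX     4096u       /* assumption: illustrative reassembly buffer size */

enum verdict { PKT_NOT_SPLIT, PKT_SPLIT_OK, PKT_DROP_TRUNCATED, PKT_DROP_EMPTY };
struct reasm { uint8_t data[REASM_MAX]; size_t used; };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify a datagram before any reassembly state is touched. */
enum verdict classify_datagram(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4)       return PKT_DROP_TRUNCATED;
    if (rd_le32(buf) != SPLIT_MARKER) return PKT_NOT_SPLIT;
    if (len < SPLIT_HDR_LEN)          return PKT_DROP_TRUNCATED;
    if (len == SPLIT_HDR_LEN)         return PKT_DROP_EMPTY;   /* header only, no fragment data */
    return PKT_SPLIT_OK;
}

/* Append one fragment's payload; returns bytes stored, or -1 if the datagram is rejected. */
int reasm_append(struct reasm *r, const uint8_t *buf, size_t len)
{
    if (r == NULL || classify_datagram(buf, len) != PKT_SPLIT_OK) return -1;
    size_t n = len - SPLIT_HDR_LEN;
    if (n > REASM_MAX - r->used) return -1;   /* never write past the reassembly buffer */
    memcpy(r->data + r->used, buf + SPLIT_HDR_LEN, n);
    r->used += n;
    return (int)n;
}

int main(void)
{
    /* The advisory's 8-byte sample, and a constructed fragment carrying 3 payload bytes. */
    const uint8_t empty[] = { 0xFE, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0 };
    const uint8_t frag[]  = { 0xFE, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0, 'a', 'b', 'c' };
    static struct reasm r;
    int e = reasm_append(&r, empty, sizeof empty);
    int f = reasm_append(&r, frag, sizeof frag);
    printf("empty=%d frag=%d used=%zu\n", e, f, r.used);
    return 0;
}
```
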
