I have also heard in the
past that things like Adminmod are horribly vulnerable... why does this
not surprise me?
This is the first buffer overflow/bounds exploit that we know of for
Admin Mod. The Admin Mod team has always been careful when coding to try
and remove any potential holes like th
Bugtraq is a community of Security Analysts not hackers. They normally
do not post exploits until the vendor is ready with a patch to fix the
exploit. In cases where the vendor ignores the security concern or fails
to take action the exploit is published to inform the community of
possible secur
At 04:16 AM 1/13/2003 -0500, you wrote:
>I'm also concerned after reviewing the site, I'm not sure if their hat
>colour is black, white, or maybe 'grey'.
Bugtraq is a community of Security Analysts not hackers. They normally
do not post exploits until the vendor is ready with a patch to fix the
e
I am very happy to see this subject appear in this list, security is so
commonly overlooked. The number one exploit hackers use are buffer
overflows and the top two places they look are format strings and network
packets.
>And ? What can be done if a buffer overflows ? It's perhaps a basic
>quest
I thought it was common knowledge that you shouldn't run hlds as root...
When one of my close friends managed to mess up glibc on his system, we
were able to successfully fix it by sending malformed packets to the
hlds he had running on the system, as root. I have also heard in the
past that things
It's always a pleasure to know that you're alive, djeyl
- Original Message -
From: "dJeyL" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 10:46 PM
Subject: Re: [hlcoders] Bugtraq: hl exploits
> (As posted on the hlds_linux mailing
Cortex wrote:
Thx for the explanation :)
But, I wonder if the hacker can hack the program without its source code...
It looks quite hard if he hasn't the source code, because he wouldn't know
where there is a risk of buffer overflow, does he ?
I think that's a fallacy -- that open source code le
JeyL
- Original Message -
From: "botman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 10, 2003 8:44 PM
Subject: Re: [hlcoders] Bugtraq: hl exploits
> > Bugtraq (a security related mailing list) just posted 3 advisories
> > concerning Half-Li
At 09:26 PM 1/10/2003 +0100, you wrote:
Well, explain it only if it can't give enough info about making hack for HL
Sorry, one more point. If we as programmers don't understand what hackers
do, how can we write secure code? :D. We should never be afraid to
understand how they work, such informat
I'll try, I've just been reading my first book about how this works.
I'm a somewhat junior programmer so my understanding is somewhat lacking. I
believe that it is possible because of the way things are represented in
memory, when you're taking in input from a user, so something like this:
void s
Sebastian Steinlechner wrote:
> Actually, this advisory isn't researched to the end. The main problem
> lies in cl_dll's text_message.cpp. Looking at
> CHudTextMessage::MsgFunc_TextMsg() it's clear to see that there are
> MANY potential buffer overflows. e.g., READ_STRING is able to return
> a char
On Fri, 10 Jan 2003, Pat Magnan wrote:
> The good news is that the potential seems limited for those not running
> their servers as root, in the case of the clanmod one.
>
We are getting fixed clanmod binaries out really soon.
.-
Jussi Kivilinna <[EMAIL PROTECTED]>
http://jussi
At 01:44 PM 1/10/2003 -0600, you wrote:
> Bugtraq (a security related mailing list) just posted 3 advisories
> concerning Half-Life (HLTV, ClanMod, Adminmod). I highly recommend to any
> coder and/or sysadmin to check these out (I'm not going to reproduce them
> here, bugtraq has an excellent arch
Hallo,
Friday, January 10, 2003, 20:44,
botman <[EMAIL PROTECTED]> wrote:
Thanks botman, I was unsure whether it would be a good idea to post the
urls here, so you decided it for me...
> http://online.securityfocus.com/archive/1/306120/2003-01-07/2003-01-13/0
Actually, this advisory isn't resea
> Bugtraq (a security related mailing list) just posted 3 advisories
> concerning Half-Life (HLTV, ClanMod, Adminmod). I highly recommend to any
> coder and/or sysadmin to check these out (I'm not going to reproduce them
> here, bugtraq has an excellent archive). Although there's no fix available
>