Yes, there is same exploit, which can upload some files to your servers.
We got some attacks to the counter-strike servers in the russia. Attacker
use this exploit for upload his exec.cfg which contain rcon_password
command into addons/metamod/ folder or intor
addons/amxmodx/configs/maps/*.cfg folder. On changelevel metamod or
amxmodx execute those files and attacker can change your rcon password by
this way. Also there is fix made by Crock an dproto developer.
http://yadi.sk/d/HPeX3m5J2VFTM - upfile_fix.7z (891 kb)
Dont forget make backup before installing this files.
Rename swds_p2.dll to swds.dll and replace this with your if you running
windows server.
Rename engine_i686_p2.so to engine_i686.so and replace this with your if
you running linux server.
Remember: use this at own risk!
VALVe made beta update for Half-Life 1 and Counter-Strike 1.6:
http://steamcommunity.com/games/70/announcements/detail/1028213938121961778
* Fixed malicious clients being able to upload certain new files to
servers
And i hope theys made fix for HLDS soon.
Ignacio DM <ignacio.d...@gmail.com> писал(а) в своём письме Sun, 10 Feb
2013 11:07:18 +0500:
Is the potential file upload exploit present in the current "stable"
HLDS? I ask because I should upgrade to the beta in that case.
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please
visit:
https://list.valvesoftware.com/cgi-bin/mailman/listinfo/hlds
