I guess the shadow update has fixed the exploit now?
It definitely looks like they didn't go quite far with the exploit (we
were hit by it as well). I assume they downloaded the server.cfg to get
a hold of the rcon password, correct? And there probably is no trace
of any of this happening.
Would
A fix was released for this issue. I'm not completely satisfied with
their resolution, but if you're paranoid there are a couple of
mitigations worth considering:
1. Using a strict whitelist such as:
https://forums.alliedmods.net/showthread.php?t=142249 (currently
broken, no plans to update
The CS:S server still NEVER gets into secure mode - even after leaving
it alone for several days, multiple restarts, etc. It has been this way
since the update on Sat, 19 Apr 2014 17:58:25 -0700. Prior to that update,
everything was fine.
In this case, my server is running under Debian Linux.
Just a quick update:
1) Tried bringing up CS:S server without sv_setsteamaccount, and it
worked fine.
2) I double-checked the configuration of my other servers that use
sv_setsteamaccount. The login_token was not a duplicate.
3) Checked the login_token to verify it wasn't missing a character or