Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos network security services platform







Bugtraq: Half Life dedicated server information leak and DoS

Half Life dedicated server information leak and DoS

From: 3APA3A <3APA3A_at_SECURITY.NNOV.RU>
Date: Wed, 19 Nov 2003 18:27:06 +0300

Dear bugtraq_at_securityfocus.com,

Probably is known, but is not documented:

Vendor: Valve software
Software: hlds, all versions (including steam).
Problem: Information leak, DoS
Author: SYZo[SND]

Problem:

in server configuration, if allowdownload = 1, it's possible to download
any file from directory of the current game (cstrike was tested) or from
'valve' directory from server. Allowdownload is required to allow
clients to retrieve new maps from server.

Impact:

It's possible to download configuration files (like server.cfg,
configuration files for different mods, etc) with sensitive information,
including passwords. Additionally, downloading large file (for example
map) causes server to crash.

"Exploit":

  cmd dlfile server.cfg
  cmd dlfile addons/amx/users.ini
  cmd dlfile addons/amx/mysql.cfg
  cmd dlfile maps/de_torn.bsp

Workaround:

  disable downloads. 

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/
Received on Nov 19 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]