Security Focus have found a new exploit with the HLDS (Half-Life Dedicated server) software.
The affected versions are:
Win32 18.104.22.168 and 22.214.171.124
Linux 126.96.36.199 and 188.8.131.52
- There is a buffer overflow in the Half-Life servers.
Both the dedicated server and the game server are vulnerable.
The only limitation in this buffer-overflow is that some bytes can not be used in the shellcode because they are delimiters or otherwise reserved for use by the Half-Life protocol. This puts some minor constraints on the execution of the remote code, but is far from limiting.
Further, there is a Denial of Service vulnerability that completely freezes the server, entering it into an infinite loop.
Win32 184.108.40.206 fix: https://www.pivx.com/luigi/patches/hlbof-se...er-1110-fix.zip
Win32 220.127.116.11 fix: https://www.pivx.com/luigi/patches/hlbof-se...r-4111a-fix.zip
News source: Security Focus