Despotes
09-24-01, 06:24 PM
The following was taken from here------
http://www.icrontic.com/index.php?page=public/index
What would a new patch be without a new huge exploit? Well, the new 1.1.0.8 Half-Life patch has an exploit which allows people to do anything they want on your computer. Servers are included.
"By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily easily take advantage of this and exploit clients automatically as they connected to the server."
http://www.icrontic.com/index.php?page=public/index
What would a new patch be without a new huge exploit? Well, the new 1.1.0.8 Half-Life patch has an exploit which allows people to do anything they want on your computer. Servers are included.
"By running the command with around 128 characters it is possible to overflow the buffer and execute arbitrary code. While this problem is on the client side it is still a serious issue, since servers have a function named "g_engfuncs.pfnClientCommand" which allows the server to force clients to execute whatever console command they want. This means that this overflow can be exploited remotely by means of this function. A server administrator could easily easily take advantage of this and exploit clients automatically as they connected to the server."