A malicious Half-Life server can remotely cause arbitrary code to be executed by the Half-Life client. The code will be executed with the permissions of the Half-Life user.

A vulnerability was reported in the Half-Life gaming system client, where a Half-Life server can trigger a buffer overflow in the client and execute arbitrary code on the client.

It is reported that there is a buffer overflow in the console command "connect" on Windows-based Half-Life clients. If the command is executed with approximately 128 characters, the buffer overflow can be triggered. A remote Half-Life server can apparently use the "g_engfuncs.pfnClientCommand" function to force the client to execute the console command.

No solution was available at the time of this entry. A fix will reportedly be included in the next product update.

"Stanley G. Bubrouski" <stan@ccs.neu.edu>
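A client-side check for the condition described above, as an added example that is not Half-Life or vendor code: it inspects a server-supplied command string before it reaches the console and rejects any "connect" statement whose argument is too long. The function names, the 100-character limit and the Quake-style statement splitting are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed limit, chosen below the ~128 characters the advisory reports;
   it is not a value taken from the engine. */
#define CONNECT_ARG_MAX 100

/* Length of one console statement. Assumption: Quake-style splitting,
   where a newline or a ';' outside double quotes ends the statement. */
static size_t statement_len(const char *p)
{
    size_t i = 0;
    int quoted = 0;
    for (; p[i] != '\0'; i++) {
        if (p[i] == '"') quoted = !quoted;
        else if (p[i] == '\n' || (p[i] == ';' && !quoted))
            break;
    }
    return i;
}

/* Case-insensitive test: does the statement begin with the word `name`?
   `name` must be given in lower case. */
static int starts_with_word(const char *s, size_t len, const char *name)
{
    size_t n = strlen(name);
    if (len < n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i]) return 0;
    return len == n || isspace((unsigned char)s[n]);
}

/* Returns 1 if a server-supplied command string may be passed to the
   console, 0 if any "connect" statement in it has an overlong argument. */
int server_command_allowed(const char *cmd)
{
    while (*cmd != '\0') {
        size_t len = statement_len(cmd);
        const char *s = cmd;
        size_t rem = len;
        while (rem > 0 && isspace((unsigned char)*s)) { s++; rem--; }
        /* rem - 7 counts everything after the word "connect" (conservative) */
        if (starts_with_word(s, rem, "connect") && rem - 7 > CONNECT_ARG_MAX)
            return 0;
        cmd += len;
        if (*cmd != '\0') cmd++;        /* step over the separator */
    }
    return 1;
}
```

The check is deliberately conservative: whitespace and quotes after the command name count toward the limit, so a legitimate address never comes close to it while an overlong argument is refused before any copy takes place.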