AlliedModders

AlliedModders (https://forums.alliedmods.net/index.php)
-   HL1 Servers (HLDS) (https://forums.alliedmods.net/forumdisplay.php?f=131)
-   -   New hlds exploit (https://forums.alliedmods.net/showthread.php?t=153800)

x_warrior 03-29-2011 13:12
New hlds exploit
 
Quote:
Hello
In HLDS'ie is a new bug - funkction runserver(); allows the client to kill the server process. I just know that it does not accept any parameters, so the error must be in another function to which it refers.

I think that this can be described as a serious mistake.

This bug affects all versions of a 99% server HLDS
Anyone knows anything about this? I could find yet this exploit and any bugfix, so i write this thread.

Sn!ff3r 03-29-2011 17:19
Re: New hlds exploit
 
Text in quote box are a my words, just translated.

More info:

Quote:
Server requiring authentication
Client ADMuH JIOX connected
Adr: 109.185.140.182:60239
./hlds_run: line 321: 32066 Killed $HL_CMD
Failed to read a valid object file image from memory.
Cannot access memory at address 0xbffc2b10
/home/tomek/serwer/debug.cmds:4: Error in sourced command file:
Cannot access memory at address 0xbffc2b10
email debug.log to [email protected]
Tue Mar 29 01:40:13 CEST 2011: Server restart in 10 seconds
Quote:
CRASH: Tue Mar 29 01:40:07 CEST 2011
Start Line: ./hlds_i686 -game cstrike -dev -debug -secure -master -pingboost 3 -binary ./hlds_i686 +map de_dust2 +maxplayers 32 +mp_timelimit 20 -noaff -pidfile hlds.31513.pid
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `./hlds_i686 -game cstrike -dev -debug -secure -master -pingboost 3 -binary ./hl'.
Program terminated with signal 11, Segmentation fault.
#0 0x0804a0ea in RunServer ()
#0 0x0804a0ea in RunServer ()
No symbol table info available.
No shared libraries loaded at this time.
Stack level 0, frame at 0xbffc2b14:
eip = 0x804a0ea in RunServer(void); saved eip End of crash report
----------------------------------------------
All versions of hlds_* files are affected with this bug.

Cader 03-29-2011 20:31
Re: New hlds exploit
 
how can I test if my server is able to vulnerable to this bug? :crab:

Sn!ff3r 03-29-2011 20:33
Re: New hlds exploit
 
Quote:
how can I test if my server is able to vulnerable to this bug? http://users.alliedmods.net/%7Esawce/crab.gif
Nobody knows, seems to be a private exploit.

btw. all hlds servers are vulnerable

mabaclu 03-30-2011 08:47
Re: New hlds exploit
 
Mine is, it has been crashed twice. I found a website talking about that exploit (in Romanian, maybe the same site x_warrior found) and I'll pay attention for new updates in case the owner comes up with a fix for the exploit.

LOPAO 04-06-2011 16:53
Re: New hlds exploit
 
Sorry wrong post

saintjimmy 04-07-2011 03:59
Re: New hlds exploit
 
EXPLOIT FIX AVAILABLE HERE
CLICK !!!
It comes as an amxx plugin.I don't have the source.This is a temporary fix, the author of the exploit said that v2 is comeing soon.
If anybody can help permanently stopping this exploit please share.

Sn!ff3r 04-07-2011 08:10
Re: New hlds exploit
 
This cant be fixed by amxmodx plugin.

waza123a 04-07-2011 09:21
Re: New hlds exploit
 
confirm. sv_allowdownload 0 can't fix that 0day exploit


All times are GMT -4. The time now is 23:40.

Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.