New hlds exploit

x_warrior · **Author**

Quote:

Hello
In HLDS'ie is a new bug - funkction runserver(); allows the client to kill the server process. I just know that it does not accept any parameters, so the error must be in another function to which it refers.

I think that this can be described as a serious mistake.

This bug affects all versions of a 99% server HLDS

Anyone knows anything about this? I could find yet this exploit and any bugfix, so i write this thread.

Sn!ff3r · 03-29-2011 , 17:19 Re: New hlds exploit

Text in quote box are a my words, just translated.

More info:

Quote:

Server requiring authentication
Client ADMuH JIOX connected
Adr: 109.185.140.182:60239
./hlds_run: line 321: 32066 Killed $HL_CMD
Failed to read a valid object file image from memory.
Cannot access memory at address 0xbffc2b10
/home/tomek/serwer/debug.cmds:4: Error in sourced command file:
Cannot access memory at address 0xbffc2b10
email debug.log to [email protected]
Tue Mar 29 01:40:13 CEST 2011: Server restart in 10 seconds

Quote:

CRASH: Tue Mar 29 01:40:07 CEST 2011
Start Line: ./hlds_i686 -game cstrike -dev -debug -secure -master -pingboost 3 -binary ./hlds_i686 +map de_dust2 +maxplayers 32 +mp_timelimit 20 -noaff -pidfile hlds.31513.pid
Using host libthread_db library "/lib/libthread_db.so.1".
Core was generated by `./hlds_i686 -game cstrike -dev -debug -secure -master -pingboost 3 -binary ./hl'.
Program terminated with signal 11, Segmentation fault.
#0 0x0804a0ea in RunServer ()
#0 0x0804a0ea in RunServer ()
No symbol table info available.
No shared libraries loaded at this time.
Stack level 0, frame at 0xbffc2b14:
eip = 0x804a0ea in RunServer(void); saved eip End of crash report
----------------------------------------------

All versions of hlds_* files are affected with this bug.

Cader · 03-29-2011 , 20:31 Re: New hlds exploit

how can I test if my server is able to vulnerable to this bug?

Sn!ff3r · 03-29-2011 , 20:33 Re: New hlds exploit

Quote:

how can I test if my server is able to vulnerable to this bug?

Nobody knows, seems to be a private exploit.

btw. all hlds servers are vulnerable

mabaclu · 03-30-2011 , 08:47 Re: New hlds exploit

Mine is, it has been crashed twice. I found a website talking about that exploit (in Romanian, maybe the same site x_warrior found) and I'll pay attention for new updates in case the owner comes up with a fix for the exploit.

LOPAO · 04-06-2011 , 16:53 Re: New hlds exploit

Sorry wrong post

saintjimmy · 04-07-2011 , 03:59 Re: New hlds exploit

EXPLOIT FIX AVAILABLE HERE
CLICK !!!
It comes as an amxx plugin.I don't have the source.This is a temporary fix, the author of the exploit said that v2 is comeing soon.
If anybody can help permanently stopping this exploit please share.

Sn!ff3r · 04-07-2011 , 08:10 Re: New hlds exploit

This cant be fixed by amxmodx plugin.

waza123a · 04-07-2011 , 09:21 Re: New hlds exploit

confirm. sv_allowdownload 0 can't fix that 0day exploit