ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
It is currently Wed Aug 23, 2017 3:50 pm

All times are UTC




Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Aug 05, 2014 12:24 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 6459
Basically the attackers can upload files (dll in this specific exploitation) on clients and servers of Gmod and other Source games:

http://steamcommunity.com/games/garrysm ... 2135333176

Some notes:
  • the changelog is dated end of April 2014
  • it's stated that the bug still affects the games based on the Source engine
  • it has been actively exploited in the wild = very very very bad
  • "As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names" :)
I guess that the issue is somewhat related to these old vulnerabilities dated 2009, yes 5 years ago:
http://aluigi.org/adv/sourceupfile-adv.txt
http://www.facepunch.com/showthread.php?t=854605

It's not the first time that I see security issues affecting the Source engine that are partially fixed or can be replicated in other ways.


Top
   
PostPosted: Thu Jan 14, 2016 12:17 am 

Joined: Tue Dec 01, 2015 4:28 am
Posts: 1
It seems like an alternative version of the bug has surfaced and being used. There are a lot of threads and other things going around so I'm not positive about anything, and I haven't seen any of the videos before they were taken down, but I would not be surprised, since it is far from the first time Valve's bandaid patches have not worked.

More related info: https://facepunch.com/showthread.php?t= ... st49521034


Top
   
Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited