Free Game Research Forum | Official QuickBMS support | twitter @zenhax
It is currently Fri Dec 02, 2022 12:12 am

All times are UTC

Post new topic  Reply to topic  [ 2 posts ] 
Author Message
PostPosted: Tue Aug 05, 2014 12:24 pm 
Site Admin
User avatar

Joined: Wed Jul 30, 2014 9:32 pm
Posts: 12984
Basically the attackers can upload files (dll in this specific exploitation) on clients and servers of Gmod and other Source games:

http://steamcommunity.com/games/garrysm ... 2135333176

Some notes:
  • the changelog is dated end of April 2014
  • it's stated that the bug still affects the games based on the Source engine
  • it has been actively exploited in the wild = very very very bad
  • "As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names" :)
I guess that the issue is somewhat related to these old vulnerabilities dated 2009, yes 5 years ago:

It's not the first time that I see security issues affecting the Source engine that are partially fixed or can be replicated in other ways.

PostPosted: Thu Jan 14, 2016 12:17 am 

Joined: Tue Dec 01, 2015 4:28 am
Posts: 1
It seems like an alternative version of the bug has surfaced and being used. There are a lot of threads and other things going around so I'm not positive about anything, and I haven't seen any of the videos before they were taken down, but I would not be surprised, since it is far from the first time Valve's bandaid patches have not worked.

More related info: https://facepunch.com/showthread.php?t= ... st49521034

Display posts from previous:  Sort by  
Post new topic  Reply to topic  [ 2 posts ] 

All times are UTC

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Powered by phpBB® Forum Software © phpBB Limited