ZenHAX
https://zenhax.com/

Gmod Source engine "client dll" bug never fixed
https://zenhax.com/viewtopic.php?f=16&t=9
Page 1 of 1

Author:  aluigi [ Tue Aug 05, 2014 12:24 pm ]
Post subject:  Gmod Source engine "client dll" bug never fixed

Basically the attackers can upload files (dll in this specific exploitation) on clients and servers of Gmod and other Source games:

http://steamcommunity.com/games/garrysm ... 2135333176

Some notes:
  • the changelog is dated end of April 2014
  • it's stated that the bug still affects the games based on the Source engine
  • it has been actively exploited in the wild = very very very bad
  • "As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names" :)
I guess that the issue is somewhat related to these old vulnerabilities dated 2009, yes 5 years ago:
http://aluigi.org/adv/sourceupfile-adv.txt
http://www.facepunch.com/showthread.php?t=854605

It's not the first time that I see security issues affecting the Source engine that are partially fixed or can be replicated in other ways.

Author:  MikeTF2 [ Thu Jan 14, 2016 12:17 am ]
Post subject:  Re: Gmod Source engine "client dll" bug never fixed

It seems like an alternative version of the bug has surfaced and being used. There are a lot of threads and other things going around so I'm not positive about anything, and I haven't seen any of the videos before they were taken down, but I would not be surprised, since it is far from the first time Valve's bandaid patches have not worked.

More related info: https://facepunch.com/showthread.php?t= ... st49521034

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/