|
|
Valve Software Half-Life Dedicated Server多个请求缓冲区溢出漏洞
发布时间:2003-08-01
更新时间:2003-08-01
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:8300
受影响系统Valve Software Half-Life 1.1 .0.9
Valve Software Half-Life 1.1 .0.8
- Microsoft Windows 98
- Microsoft Windows 98 a
- Microsoft Windows 98 b
- Microsoft Windows 98 SP1
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
Valve Software Half-Life 1.1 .0.4 Windows
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0
Valve Software Half-Life 1.1 .0.4 Linux
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- MandrakeSoft Linux Mandrake 7.2
- RedHat Linux 6.2 i386
- RedHat Linux 7.0 i386
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3.1
Valve Software Half-Life 1.1.1 .0
Valve Software Half-Life Dedicated Server 3.1.1 .1c1 Linux
Valve Software Half-Life Dedicated Server 4.1.1 .1a Win32 详细描述
Half-Life servers存在缓冲区溢出问题,攻击者提交恶意请求,由于对加入游戏的请求包含的参数缺少充分检查,可导致产生缓冲区溢出,使服务器崩溃,并可能执行任意代码。
测试代码
测试程序下载:
http://www.pivx.com/luigi/poc/hlbof-server.zip
解决方案
补丁下载:
Half-Life 1.1.1.0 dedicated server (retail game):
http://www.pivx.com/luigi/patches/hlbof-server-1110-fix.zip
Half-Life 4.1.1.1a dedicated server for Windows:
http://www.pivx.com/luigi/patches/hlbof-server-4111a-fix.zip
相关信息
Auriemma Luigi <aluigi@pivx.com>.
参考:http://www.securityfocus.com/archive/1/330880
|
