lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20041014112724.29009.qmail@www.securityfocus.com>
Date: 14 Oct 2004 11:27:24 -0000
From: Some One <mc.iglo@...lan.de>
To: bugtraq@...urityfocus.com
Subject: UPDATE: Format String Vulnerability in Valve's CS-Source


In-Reply-To: <20041013154826.13068.qmail@....securityfocus.com>

Hi, 
i just found out, that u can also use it remotely against the server without any knowledge of the rcon-password!
just do the following:
type 'name "%n"' (without ') to console and wait until you get killed.
The server will be killed, too!

The other hand side, if you kill an other player, the server wont be affected.


>Hi,
>
>if u type '%n' (without ') to in-game-console, your game crashes instantly.
>
>So far, i was not able, to do this remotely with rcon %n e.g., but this does not mean, it is not possible.
>
>Valve also got informed.
>
>
>P.S. i want the old CS-betas back, where you needed skill instead of luck to hit the enemys head
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ