Dear VOID.AT Security, This bug is not related to adminmod, but is rather the bug in Half Life itself. At least absolutely same problem is in amx plugin. amx_psay %s%s%s%s causes same trouble. So this is a bug in HalfLife client and may be exploited by malicious server operator (including remote one with permissions to execute any csay/psay command, rcon access is not actually required, it's possible to bind malicious amx_psay command to some key). Since Half Life protocol is not secure it's very likely this bug potentially may be exploited by any remote attacker while client is playing. --Friday, January 10, 2003, 8:49:35 PM, you wrote to bugtraq@securityfocus.com: VAS> Note, the attacker needs to know the rcon-password. VAS> However, it is easy to sniff since it is being transmitted VAS> in plaintext. <skipped> VAS> blackboxed the admin_ssay and admin_psay commands. -- ~/ZARAZA Если даже вы получите какое-нибудь письмо, вы все равно не сумеете его прочитать. (Твен)
