StatsMe Plugin MakeStats Format String Vulnerability
Affected operating systems and applications
StatsMe StatsMe 2.6.9
+ Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
+ Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
+ Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.16 Beta
+ Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
+ Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
+ Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.17 Beta UNSTABLE
+ Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
+ Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
+ Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.19 Beta
+ Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
+ Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
+ Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
+ Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
+ Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
Detailed description
The "statsme" plugin is used with "Half-Life" game servers.
The file statsme.cpp contains the following code:
    char* MakeStats(player_t *pPlayer, char* pList)
    {
        sm.player = pPlayer;
        // Vulnerable: text derived from the sm_playerstats cvar is passed as the format string
        int len = sprintf(pList,smv_putvars(sm_playerstats->string));
        for (int i = 0; i < MAX_WEAPONS ; ++i){
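Because the sm_playerstats->string parameter is not filtered, submitting a malicious format string can overwrite arbitrary stack contents, and arbitrary code execution may be possible.
However, an rcon user account is required to exploit this vulnerability.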
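The following is an added example, not code from StatsMe or from the advisory: it shows the corrected form of the sprintf call, where the cvar-derived text is passed as data behind a constant format, plus a check for format directives in a configuration value. The names make_stats_safe and count_format_directives and the sample string are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern from the advisory (shown only as a comment):
 *     int len = sprintf(pList, smv_putvars(sm_playerstats->string));
 * The cvar-derived text is the format argument, so sprintf interprets it. */

/* Hypothetical hardened copy: text is data behind a constant "%s", bounded.
 * Returns bytes stored (without NUL), or -1 on bad arguments / no fit. */
int make_stats_safe(char *out, size_t cap, const char *expanded)
{
    if (out == NULL || expanded == NULL || cap == 0)
        return -1;
    int n = snprintf(out, cap, "%s", expanded);
    if (n < 0 || (size_t)n >= cap) {
        out[0] = '\0';  /* drop truncated output instead of emitting part */
        return -1;
    }
    return n;
}

/* Hypothetical check: counts printf directives in s so a cvar value can be
 * rejected when set. "%%" is a literal percent; a lone trailing '%' counts. */
int count_format_directives(const char *s)
{
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; ++i) {
        if (s[i] != '%')
            continue;
        if (s[i + 1] == '%') {  /* escaped percent: skip both characters */
            ++i;
            continue;
        }
        ++count;
    }
    return count;
}

int main(void)
{
    const char *sample = "kills: %x %x %n";  /* constructed cvar value */
    char buf[64];
    int n = make_stats_safe(buf, sizeof buf, sample);
    printf("%d directives, %d bytes stored: %s\n",
           count_format_directives(sample), n, buf);
    return 0;
}
```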
Discovered by
VOID.AT Security <crew@void.at>
Reposted from: 安全焦点. Luckily I don't use StatsMe ~HOHO, a close call.