STGG posted on 2003-3-18 16:28:14

ClanMod Plugin Remote Format String Vulnerability

UnitedAdmins ClanMod 1.80.19 Beta
   + Valve Software Half-Life Dedicated Server 3.1 .0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.9 Linux
   + Valve Software Half-Life Dedicated Server 3.1 And Previous
   + Valve Software Half-Life Dedicated Server 3.1.1 .0 Linux
   + Valve Software Half-Life Dedicated Server 3.1.3 x
   + Valve Software Half-Life Dedicated Server 4.1 .0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1 .0 Win32
UnitedAdmins ClanMod 1.81.11 Beta
   + Valve Software Half-Life Dedicated Server 3.1 .0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1 .0.9 Linux
   + Valve Software Half-Life Dedicated Server 3.1 And Previous
   + Valve Software Half-Life Dedicated Server 3.1.1 .0 Linux
   + Valve Software Half-Life Dedicated Server 3.1.3 x
   + Valve Software Half-Life Dedicated Server 4.1 .0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1 .0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1 .0 Win32

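Detailed description
The Half-Life ClanMod plugin is used on Half-Life game servers.

The problem is in the 'cm_log' command, which is designed to write messages to the server log file. The problematic code in server.cpp is as follows: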

2790 void CmdLogMessage()
2791 {
2792         if (CMD_ARGC() > 1) {
2793               UTIL_FillText((char*)CMD_ARGS()/*UTIL_GetVarArgs(1,FALSE)*/, NULL, 256,cmSet.allow_to_execute,NULL,NULL,TRUE);
2794               UTIL_LogPrintf(UTIL_VarArgs("[%s] %s",Plugin_info.logtag,com_token));
2795         }
2796         else
2797               PrintErrorInfo("cm_log");
2798
2799         //Close any opened gate
2800         cmSet.allow_to_execute_time = gpGlobals->time + 0.25;
2801 }

On line 2794, UTIL_LogPrintf lacks proper checking when it receives a user-supplied string, so a format string problem can occur.



Release date 2003-01-10
Discovered by VOID.AT Security <crew@void.at>

Reposted from: 安全焦点 (Xfocus)
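
The pattern on line 2794 next to a hardened form, as an added example that is not part of the original post or of the ClanMod source. The functions log_printf, var_args, log_vulnerable and log_fixed are hypothetical stand-ins for UTIL_LogPrintf, UTIL_VarArgs and the cm_log handler, and the input is a constructed, benign string whose "%%" shows whether the logger interprets it as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_log[512];   /* stands in for the server log file */

/* printf-style logger (assumed shape of UTIL_LogPrintf): arg 1 is a FORMAT. */
static void log_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* printf-style formatter returning a static buffer (assumed shape of UTIL_VarArgs). */
static const char *var_args(const char *fmt, ...)
{
    static char buf[512];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    return buf;
}

/* Pattern from line 2794: already-formatted text is reused as the format,
 * so any '%' sequence in user_text is parsed a second time by the logger. */
static const char *log_vulnerable(const char *tag, const char *user_text)
{
    log_printf(var_args("[%s] %s", tag, user_text));
    return last_log;
}

/* Hardened: the format is a constant; user text is only ever an argument. */
static const char *log_fixed(const char *tag, const char *user_text)
{
    log_printf("[%s] %s", tag, user_text);
    return last_log;
}

int main(void)
{
    const char *input = "load at 100%%";   /* constructed sample input */
    printf("vulnerable: %s\n", log_vulnerable("CM", input));
    printf("fixed:      %s\n", log_fixed("CM", input));
    return 0;
}
```

The vulnerable form logs the text with the doubled percent sign collapsed, which shows the user's text was parsed as a format; the fixed form logs it byte for byte.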

yam posted on 2003-3-19 11:33:41

stgg has started studying security???

cool ~~~
:)

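STGG posted on 2003-3-19 15:59:52

I've been interested in network security lately~~

Every now and then I play little CS hacker, secretly installing some plugins on other people's servers~~

I wonder what their OPs would do if they found out...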

becking posted on 2003-3-19 16:02:10

I'm dizzy~~ Write up a post about your secret install method.. hehe~~ I want to play too~ :)

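STGG posted on 2003-3-19 16:13:44

Those are network security topics, there are plenty of them online~ I've only just started learning too

I'm also just following other people's posts!! But I've found that many admins online are really... HOHO, the WIN2000 login password turned out to be 123456, and some even have blank passwords!! Just right for me to practice on~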

-|CatKinG|-*凹 posted on 2003-3-27 10:48:31

Those are NT weak-password intrusions~~ I thought it was an intrusion through the CS server?? hehe