
StatsMe plugin: MakeStats leads to a format string attack vulnerability

Posted on 2003-3-18 15:04:38, from China–Guangdong–Jiangmen–Xinhui
Affected operating systems and applications
StatsMe StatsMe 2.6.9
   + Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
   + Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.16 Beta
   + Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
   + Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.17 Beta UNSTABLE
   + Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
   + Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
StatsMe StatsMe 2.6.19 Beta
   + Valve Software Half-Life Dedicated Server 3.1.0.4 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.5 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.6 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.7 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.8 Linux
   + Valve Software Half-Life Dedicated Server 3.1.0.9 Linux
   + Valve Software Half-Life Dedicated Server 4.1.0.4 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.6 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.7 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.8 Win32
   + Valve Software Half-Life Dedicated Server 4.1.0.9 Win32
   + Valve Software Half-Life Dedicated Server 4.1.1.0 Win32
  
Detailed description
The "statsme"[1] plugin is used on "Half-Life" game servers.

The file statsme.cpp contains the following code:

char* MakeStats(player_t *pPlayer, char* pList)
{
        sm.player = pPlayer;
        /* sm_playerstats->string (an rcon-settable cvar) is passed as the
           format argument itself, so any %-directives in it are interpreted */
        int len = sprintf(pList,smv_putvars(sm_playerstats->string));
        for (int i = 0; i < MAX_WEAPONS ; ++i)  {

Because the sm_playerstats->string parameter is not filtered, submitting a malicious format string can overwrite arbitrary stack contents, which may allow arbitrary code execution.

However, an rcon user account is required to exploit this vulnerability.
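An added example, not StatsMe's or the advisory's code: the hardened replacement for the sprintf(pList, <cvar string>) call above, plus a check that flags template values carrying printf directives before they reach any formatting function. The function names are hypothetical and the stats text is constructed.

```c
/* Added example, not StatsMe's code. Names are hypothetical;
 * the sample cvar value below is constructed. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hardened form of the MakeStats write: the expanded cvar text is data,
 * passed through a constant "%s" format, and the write is bounded. */
static int make_stats_safe(char *pList, size_t cap, const char *expanded)
{
    return snprintf(pList, cap, "%s", expanded);
}

/* True if s holds a printf conversion other than the literal "%%".
 * A value such as sm_playerstats is settable over rcon, so a server
 * can reject or log such values before they reach any format call. */
static bool has_format_directive(const char *s)
{
    const char *p = s;
    while ((p = strchr(p, '%')) != NULL) {
        p++;                                   /* char after '%' */
        if (*p == '%') { p++; continue; }      /* "%%" is a literal percent */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;                               /* flags, width, precision, length */
        if (*p == '\0' || strchr("diouxXeEfFgGaAcspn", *p))
            return true;                       /* conversion char or dangling '%' */
    }
    return false;
}

/* Copies s with make_stats_safe into a 64-byte buffer and reports whether
 * the output equals expect: directives must come out verbatim, uninterpreted. */
static bool safe_output_is(const char *s, const char *expect)
{
    char buf[64];
    make_stats_safe(buf, sizeof buf, s);
    return strcmp(buf, expect) == 0;
}

int main(void)
{
    const char *tmpl = "Kills: %d  Deaths: %n";   /* constructed hostile cvar value */
    printf("directive present: %s\n", has_format_directive(tmpl) ? "yes" : "no");
    printf("safe copy: %s\n", safe_output_is(tmpl, tmpl) ? "verbatim" : "altered");
    return 0;
}
```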


Discovered by
VOID.AT Security <crew@void.at>

Reposted from: 安全焦点 (XFocus)
Posted on 2003-3-18 15:30:18, from China–Hubei–Wuhan
Good thing I don't use StatsMe ~HOHO

Posted on 2003-3-18 17:10:25, from China–Henan–Xinxiang
Alarming, but no harm done.