Tweet
SecurityFocus' Bugtraq is housing at least seven various Half-Life related exploits. One is a simple method of crashing HLTV, while the remaining revolve around various HLDS add-ons like AdminMod, statsme, and ClanMod.
Due to poor programming in many cases, arbitrary code can be run on either the server or, with some exploits, on the client. Many of these exploits require rcon access. The easy solution for server operators is to not allow admins to use rcon if you have AdminMod, statsme, or ClanMod installed. You can do this by setting rcon_password to nothing (type ""). If you insist on using rcon and cannot fully trust your admins, then disable/uninstall the add-ons in question until they are upgraded. The best solution for the head admin, of course, is to only give rcon and AdminMod access to people who can be trusted.
AdminMod has at least one major exploit which may not require rcon access, so you may wish to uninstall AdminMod if you are a server operator.
For the client, it is recommended that you only play on servers where you can trust the admins. For now, it is a bit of a risk to join some random wacky server because that admin may, at his will, start a shell session to multiple clients' computers. If your game locks up, turn off your computer quickly.
Due to poor programming in many cases, arbitrary code can be run on either the server or, with some exploits, on the client. Many of these exploits require rcon access. The easy solution for server operators is to not allow admins to use rcon if you have AdminMod, statsme, or ClanMod installed. You can do this by setting rcon_password to nothing (type ""). If you insist on using rcon and cannot fully trust your admins, then disable/uninstall the add-ons in question until they are upgraded. The best solution for the head admin, of course, is to only give rcon and AdminMod access to people who can be trusted.
AdminMod has at least one major exploit which may not require rcon access, so you may wish to uninstall AdminMod if you are a server operator.
For the client, it is recommended that you only play on servers where you can trust the admins. For now, it is a bit of a risk to join some random wacky server because that admin may, at his will, start a shell session to multiple clients' computers. If your game locks up, turn off your computer quickly.
Comment