Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Counter-Strike bug in name command?

from [Kristian Hermansen] Network Security [Permanent Link]
Subject: [Full-disclosure] Counter-Strike bug in name command?
Date: Tue, 26 Apr 2005 17:23:42 -0400 
I ran into a problem yesterday and now request the assistance of others
to verify or test for the bug, in case it affects more than my setup.  I
am running the latest Counter-Strike through Steam under Linux by using
Cedega 4.3-1.  I am hoping that someone one Windows or Linux can verify
or shoot down this bug.

So basically, if I try to rename myself within the console using the
following string (without quotes) -- the client process will hang
"name .                                                                ."

This is not much of a security vulnerability for server admins in
general, but could be used by malicious admins to lock up the processes
of connecting gamers.  Just try making your name a "." followed by many
consecutive spaces, and then end it with another "."  I can't tell if
this is a problem in the way that CS now tries to eliminate whitespace
in player names, but it does crash my client.  Any feedback would be
appreciated if this command crashes your client...
-- 
Kristian Hermansen <khermansen@ht-technology.com>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Counter-Strike bug in name command?, Kristian Hermansen <=
Previous by Date:  Re: [Full-disclosure] (no subject), Stan Bubrouski
Next by Date:  Re: [Full-disclosure] (no subject), Kerry Thompson
Previous by Thread:  [Full-disclosure] [ GLSA 200504-27 ] xine-lib: Two heap overflow vulnerabilities, Thierry Carrez
Next by Thread:  [Full-disclosure] More about the impact of the Trend sigs, Thomas Sutpen
Indexes:  [Date] [Thread] [Top] [All Lists]