Source Engine RCE via player fragging  

Yuggles
New Member
Joined: 5 months ago
Posts: 3
23/07/2017 7:51 pm  

Interesting vulnerability in the Source engine. Recently patched.

Reddit post

Blog post

brixton
Eminent Member Admin
Joined: 2 years ago
Posts: 21
23/07/2017 9:00 pm  

Ah I wish we could have better control of the buffer memory on a simple scale. I don't have the time to debug every buffer memory overflow I've ever seen in a Source game. ZPS has thrown us thousands of those. Amazing that it took this long to find this little exploit.

Seriously though, there used to be a LOT more. So much that we had to run plugins just to combat the Swiss-cheese-like engine of the time. So kudos to Steam/Valve for getting on top of these problems.

This would explain the sudden updates from about a month ago - all of us playing ZPS went "What, a new update?" and then there was nothing. ZPS devs listed (their latest updates) as preparing for ZPS v3..., which we all impatiently await.

You know, I always saw our ability to load maps and custom models as such an open gateway to trouble. Imagine the kind of files you could really be passing along. Linux is hard to exploit, but if I slipped the right file to you... You never know what can come next!

Mooooooo


Yuggles
New Member
Joined: 5 months ago
Posts: 3
24/07/2017 8:24 pm  

I wonder about that as well. It always seemed to me that the implicit trust of clients in servers not to serve malicious files was prone to abuse. I'm sure there are 0days like this that are finding lots of use right now.


brixton
Eminent Member Admin
Joined: 2 years ago
Posts: 21
25/07/2017 7:15 pm  

Perhaps the implicit trust comes from the thought: "nobody would bother to try this". And then you realize that the morals of most developers are kind-hearted and trusting. Never thinking to patch every stinking hole. Leaving the door wide open for the infamous Samui attack!

Look at how far I've had to go to lock down our forums and site. To the point where I manually register each user by hand, so as to be 100% sure that we are free from problems. And will we be?

Though I must admit, it is indeed a weird thought - that someone would spend their time just breaking code all day, trying to find that next exploit. Is it for the glory? Is it for the fame? Or is it just to be an asshole?

brixton
Eminent Member Admin
Joined: 2 years ago
Posts: 21
25/07/2017 7:18 pm  

P.S. There have certainly been times when that implicit trust of serving files and data has been used to gain advantage over a potential attacker. It's quite amazing how you would never proxy a game server (slowing your packets down like a mo-fo). You will almost always connect with your real IP. That gives me a real target to fight with!

🙂


Yuggles
New Member
Joined: 5 months ago
Posts: 3
27/07/2017 2:35 pm  

Posted by: brixton

Perhaps the implicit trust comes from the thought: "nobody would bother to try this". And then you realize that the morals of most developers are kind-hearted and trusting. Never thinking to patch every stinking hole. Leaving the door wide open for the infamous Samui attack!

Whatever happened to him? I have only blurry memories.


Posted by: brixton

Look at how far I've had to go to lock down our forums and site. To the point where I manually register each user by hand, so as to be 100% sure that we are free from problems. And will we be?

No, nor will we ever be. I respect your attention to security and I think the current policies are suitable. However, there is a balance to be struck between maximum security and maximum convenience - too much of either makes a system unusable.


Posted by: brixton

Though I must admit, it is indeed a weird thought - that someone would spend their time just breaking code all day, trying to find that next exploit. Is it for the glory? Is it for the fame? Or is it just to be an asshole?

The security community greatly emphasizes reputation. What a hacker has accomplished, both for himself and the community, is of paramount importance.

However, an increasingly important factor as of the past decade is financial gain. The researcher who found that Source exploit could easily have sold it for much more than Valve awarded him, as there is quite a healthy market for 0days.

Despite this, I believe that the best do it for the love of the act above all else - reputation and money mean little to them in comparison to the rush of system mastery.
