COMMAND

    Half-life

SYSTEMS AFFECTED

    All, including builds for Windows (Build 1572) and Linux (Build 1573)

PROBLEM

    Stanley G. Bubrouski found the following.  Remote users with an
    access level high enough to execute the exec or map commands can
    exploit two buffer overflows and a string formatting vulnerability
    to crash the Half-Life server or execute commands to gain access
    to the host the server is running on.

    1) When more than 58 or 59 characters are sent with the 'map'
       command, a potentially exploitable buffer overflow occurs.

    2) When 235 or more characters are used with the 'exec' command, a
       buffer is overflowed and the server crashes.

    3) There is a string formatting vulnerability in the 'map'
       command.  When it receives any formatting characters like %s or
       %d, it interprets them as format characters, and if the input is
       crafted right a user could crash the server or execute code as
       the user the server is running as.

    4) There is a buffer overflow in the parsing of config files which
       could be used to execute  code as the user running  the server.
       This  is  dangerous  because  someone  could  place code in the
       config  file  of  a  module  and  distribute it to unsuspecting
       users.
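
    The pattern behind items 1 and 3 and a hardened counterpart, as an
    added example that is not code from Half-Life or from the original
    advisory. The handler name, the 64-byte buffer, the allow-list and
    the message text are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical buffer size; the advisory does not give the real one. */
#define MAP_NAME_MAX 64

/* Pattern behind items 1 and 3, shown for contrast only (never compiled):
 *     char name[MAP_NAME_MAX];
 *     strcpy(name, arg);      unbounded copy: a long argument overruns name
 *     sprintf(msg, name);     argument used as the format string
 */

/* Hardened handler (hypothetical name). Writes the console message to out.
 * Returns 0 on success, -1 if the argument is rejected. */
int handle_map_command(const char *arg, char *out, size_t outlen)
{
    /* Assumed allow-list for map names: letters, digits, '_' and '-'. */
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    char name[MAP_NAME_MAX];
    size_t len;
    int n;

    if (arg == NULL || out == NULL || outlen == 0)
        return -1;

    len = strlen(arg);
    if (len == 0 || len >= sizeof(name))
        return -1;              /* reject over-long input, do not truncate */

    if (strspn(arg, allowed) != len)
        return -1;              /* '%' and other unexpected bytes never pass */

    memcpy(name, arg, len + 1); /* length checked above, includes the NUL */

    /* Constant format string: user data is only ever an argument. */
    n = snprintf(out, outlen, "changing map to %s", name);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return 0;
}
```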

SOLUTION

    Nothing yet.