VULHUB ™

A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage() function, which is used by other functions to write a message to the users console. The format string occurs when the System_Response() function is called by selfmessage() to log the administrative command. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory. Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.

A format string vulnerability has been discovered in the Half-Life AdminMod plugin. The problem occurs in commands which call the selfmessage() function, which is used by other functions to write a message to the users console. The format string occurs when the System_Response() function is called by selfmessage() to log the administrative command. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory. Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.