A format string vulnerability has been discovered in the Half-Life ClanMod plugin. The problem occurs in the 'cm_log' command, which is designed to write a message to the server log file. An 'rcon' authenticated user may be able to exploit this issue to overwrite sensitive locations in memory. Successful exploitation of this issue would allow an attacker to execute arbitrary commands with the privileges of the Half-Life server.
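The class of bug described above, and its fix, shown as an added example that is not ClanMod's code: `log_write`, `cm_log_safe` and `count_format_directives` are hypothetical names, and the sample message is constructed. The hardened logger passes the operator-supplied text as data behind a constant format, and the helper flags log text that contains conversion specifications.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a plugin's printf-style log routine. */
static int log_write(char *out, size_t cap, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern (shown for contrast, never called here):
 *     log_write(out, cap, msg);
 * The message itself becomes the format string, so any '%' directive
 * in it is interpreted against arguments that were never passed. */

/* Hardened form: constant format, untrusted message is data only. */
int cm_log_safe(char *out, size_t cap, const char *msg)
{
    return log_write(out, cap, "%s", msg);
}

/* Audit helper: count '%' directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void)
{
    const char *msg = "round over %x %x 100%% %s"; /* constructed sample */
    char line[128];
    cm_log_safe(line, sizeof line, msg);
    printf("directives=%d logged=[%s]\n", count_format_directives(msg), line);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the vulnerable call shape when it is made directly to a printf-family function.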