News and discussions about new, recent and work-in-progress security vulnerabilities affecting games and game-related software
aluigi
Site Admin
Posts: 12984 Joined: Wed Jul 30, 2014 9:32 pm
by aluigi » Tue Aug 05, 2014 12:24 pm
Basically the attackers can upload files (dll in this specific exploitation) on clients and servers of Gmod and other Source games:
http://steamcommunity.com/games/garrysm ... 2135333176

Some notes:
- the changelog is dated end of April 2014
- it's stated that the bug still affects the games based on the Source engine
- it has been actively exploited in the wild = very very very bad
- "As far as we are aware the exploit wasn’t used to do anything malicious beyond propagating itself, spamming chat and changing server names"

I guess that the issue is somewhat related to these old vulnerabilities dated 2009, yes 5 years ago:
http://aluigi.org/adv/sourceupfile-adv.txt
http://www.facepunch.com/showthread.php?t=854605

It's not the first time that I see security issues affecting the Source engine that are partially fixed or can be replicated in other ways.
MikeTF2
Posts: 1 Joined: Tue Dec 01, 2015 4:28 am
by MikeTF2 » Thu Jan 14, 2016 12:17 am
It seems like an alternative version of the bug has surfaced and is being used. There are a lot of threads and other things going around so I'm not positive about anything, and I haven't seen any of the videos before they were taken down, but I would not be surprised, since it is far from the first time Valve's bandaid patches have not worked.
More related info:
https://facepunch.com/showthread.php?t= ... st49521034