Discuss things relating to this site or the community at large here.
Xaphan
Posts: 23 Joined: Fri Dec 04, 2009 1:17 pm
Post
by Xaphan » Thu Apr 14, 2011 2:12 am
There is a new exploit or an old one that has never been fixed.
Allows the player to rename a map to a folder,
I do run D-FEN but it is outdated, anyways it logged his actions.
Code: Select all
L 04/13/2011 - 23:09:09: [D-FENS] "<><STEAM_0:1:XXX><IP>" uploaded file "maps/cs_office.bsp\hacked.txt".
At the map change level these are the errors...
Code: Select all
CModelLoader::Map_IsValid: No such map 'maps/cs_office.bsp'
changelevel failed: cs_office not found
You must first delete the folder and replace the map.
Any protection I can do on a windows server to prevent this?
Kigen
Site Admin
Posts: 1496 Joined: Sat Jun 07, 2008 11:08 am
Location: Right behind you....
Contact:
Post
by Kigen » Thu Apr 14, 2011 11:12 am
Hmm, I thought Valve patched this.
Can you post a full log in the HLDS mailing list? Or if your trying to keep it private send it to me. I'll see what can be done.
Xaphan
Posts: 23 Joined: Fri Dec 04, 2009 1:17 pm
Post
by Xaphan » Thu Apr 14, 2011 2:29 pm
The log is 198megs, not sure if I need to post all of that.
EDIT: I can upload it if you want it.
This is all that was in the logs... related to the map.
Code: Select all
L 04/13/2011 - 23:09:09: [D-FENS] "<><STEAM_0:1:XXX><IP>" uploaded file "maps/cs_office.bsp\hacked.txt".
CModelLoader::Map_IsValid: No such map 'maps/cs_office.bsp'
changelevel failed: cs_office not found
Server is updated to the latest as well, so it must be new exploit.
for now I did install a SM extension called ServerSecure.
nightrider
Community Moderator
Posts: 878 Joined: Thu Oct 08, 2009 2:38 am
Location: under a rock
Post
by nightrider » Thu Apr 14, 2011 5:31 pm
Thank you for posting the information Xaphan.