Half-Life Denial of Service Vulnerability

vendor:

Half-Life

by:

SecurityFocus

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Half-Life

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2002

Half-Life Denial of Service Vulnerability

A denial of service vulnerability has been reported in some versions of the Half-Life server. A remote party may create a large number of new users on a specific server through spoofing the connection conversation. As servers contain a set limit on the maximum number of players, server resources will be exhausted, and legitimate players will not be allowed to join the game.

Mitigation:

Limit the number of users allowed to connect to the server and implement authentication mechanisms to prevent spoofing.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5076/info

Half-Life is a popular game distributed and maintained by Valve Software. It includes features that allow users to game locally, or in distributed network environments. Valve Software also distributes a dedicated server product.

A denial of service vulnerability has been reported in some versions of the Half-Life server. A remote party may create a large number of new users on a specific server through spoofing the connection conversation. As servers contain a set limit on the maximum number of players, server resources will be exhausted, and legitimate players will not be allowed to join the game. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/21572.zip