csdeath exploit

[psychical]

Gal zinot kas nors, kai papsisaugoti nuo jo?

[aaarnas]

http://www.cshama.lt/index.php?/topic/4 ... dziamumas/

[beast]

Valve išleido fixą:

We have released a beta update for Half-Life 1 engine based games (Half-Life, Counter-Strike 1.6, Day of Defeat, etc). To grab this update run the hldsupdatetool with "-beta hlbeta" on the command line. This update continues on some exploit fixes we have already shipped within this beta.

Changes:
- Added sv_filetransfermaxsize cvar to limit the size of a file a server will try to send to a client, by default 10mbytes.
- Prevented halflife.wad from being downloaded from a server (fixes server hang/stall).


There is also a couple client side fixes, if you run your Steam client with "-beta hlbeta" on its command line and run Half-Life games you will have some fixes that prevent server redirection.

[ShoX]

Valve išleido fixą:

We have released a beta update for Half-Life 1 engine based games (Half-Life, Counter-Strike 1.6, Day of Defeat, etc). To grab this update run the hldsupdatetool with "-beta hlbeta" on the command line. This update continues on some exploit fixes we have already shipped within this beta.

Changes:
- Added sv_filetransfermaxsize cvar to limit the size of a file a server will try to send to a client, by default 10mbytes.
- Prevented halflife.wad from being downloaded from a server (fixes server hang/stall).


There is also a couple client side fixes, if you run your Steam client with "-beta hlbeta" on its command line and run Half-Life games you will have some fixes that prevent server redirection.

cia dproto?

[aaarnas]

Ne, čia serverio atnaujinimas.
./steam -command update -game cstrike -beta hlbeta -retry -verify_all -dir .

[beast]

Pasirodo, po to buvo išleisti dar du update'ai, nes pirmasis ne pilnai ištaisė šį exploit'ą...

We have released an update to the beta, run the hldsupdatetool with "-beta hlbeta" to get this update. Changes for this update are:

- Changed sv_filetransfermaxsize to 1mbyte by default
- Disallow the dlfile command if the server is configured with a sv_downloadurl


The dlfile command is used internally by the engine to allow users to download custom maps using the in-game channel, unfortunately the processing for large files is done inline and can stall the server. Re-architecting this is beyond the scope for HL1 so the solution would be to use the sv_downloadurl feature if you want to host custom content (or increase the sv_filetransfermaxsize cvar but risk your server FPS stuttering).

- Alfred

- rolled back previous sv_downloadurl and dlfile changes, added some more checks to prevent inappropriate dlfile calls at other times
- Increased "sv_filetransfermaxsize" back to 10mbytes by default
- Added "sv_allow_dlfile" cvar, set this to 0 to disable using dlfile at all (useful safe valve if getting hit by this attack)
- Allow up to 128 mbyte heap via -heapsize command (up from previous 40mbytes), for some 3rd party games
- Added sv_logsecret support, same implementation as on Source engine
- Rate limit user voice data to one per frame, fixes voice_inputdata exploit.
If you run 1000FPS server and still have a problem, stop running a 1000FPS server.

[aaarnas]

- rolled back previous sv_downloadurl and dlfile changes, added some more checks to prevent inappropriate dlfile calls at other times
- Increased "sv_filetransfermaxsize" back to 10mbytes by default
- Added "sv_allow_dlfile" cvar, set this to 0 to disable using dlfile at all (useful safe valve if getting hit by this attack)
- Allow up to 128 mbyte heap via -heapsize command (up from previous 40mbytes), for some 3rd party games
- Added sv_logsecret support, same implementation as on Source engine
- Rate limit user voice data to one per frame, fixes voice_inputdata exploit.
If you run 1000FPS server and still have a problem, stop running a 1000FPS server.

The hell?