Slashdot Mirror

← Back to Stories (view on slashdot.org)

Half-Life Vulnerabilities Exposed, Patched

Posted by simoniker on from the publicized-then-fixed dept.

AEton writes "PivX Solutions revealed in a press release three apparently new vulnerabilities in Half-Life and its related mods (such as Counter-Strike and Day of Defeat). Security researcher Auriemma Luigi discovered the flaws, reported them to Valve, and waited over three months for an official response before releasing an unofficial patch to correct the issues. Details on each of the vulnerabilities and sample code are linked to in the press release. (The third one looks kind of flaky, but the buffer overflows seem real.)" Thanks to an anonymous reader for pointing out Valve have now released a dedicated Windows server patch and dedicated Linux server patch (links via Fileshack) which seem to fix the issues.

2 of 36 comments (clear)

  1. 3 months by Taral · · Score: 3, Interesting

    I'm appalled that it apparently took a public release to get them to patch the servers. It would have been trivial for Valve to slide this into a patch and release it to everyone.

    What possible rationale do they have for not fixing it in <b>3 months</b>?

    --
    Taral

    WARN_(accel)("msg null; should hang here to be win compatible\n");
    -- WINE source code

  2. Re:Not good enough by Hard_Code · · Score: 4, Interesting

    "They still haven't fixed VAC (valve anti-cheat) so wine users can play Half-Life."

    And why should they burn money supporting a niche customer base which either 1) won't pay for software or 2) already has a copy of the windows version of a game that is OVER FIVE YEARS OLD? There are like, 3 people that play half life through wine.

    "This doesn't stop them from assuming Linux fans will host their games via dedicated servers though. I'm still a little pissed off that they think Linux is good enough to host their games but not worthy of a client."

    They don't assume shit. Linux is a popular server operating system that is run by MANY hosting services, so naturally they would port the dedicated server to linux. The dedicated server is much easier to port than the full blown client with graphics (duh).

    "This is just more of the same old excellent community support from Valve."

    Let's see:

    * publish half life sdk with tools, source, and documentation
    * maintain strong mod community relationships with valve-erc website
    * support popular mods: socially, technically, financially, etc.
    * listen to the incessent bitching of every kiddie who wants something for nothing

    Yeah, I'd say it is excellent support. Quityerbitchin.

    --

    It's 10 PM. Do you know if you're un-American?