Slashdot Mirror


Half-Life Vulnerabilities Exposed, Patched

AEton writes "PivX Solutions revealed in a press release three apparently new vulnerabilities in Half-Life and its related mods (such as Counter-Strike and Day of Defeat). Security researcher Auriemma Luigi discovered the flaws, reported them to Valve, and waited over three months for an official response before releasing an unofficial patch to correct the issues. Details on each of the vulnerabilities and sample code are linked to in the press release. (The third one looks kind of flaky, but the buffer overflows seem real.)" Thanks to an anonymous reader for pointing out Valve have now released a dedicated Windows server patch and dedicated Linux server patch (links via Fileshack) which seem to fix the issues.

3 of 36 comments

  1. Re:3 months by breon.halling · · Score: 4, Insightful

    What possible rationale do they have for not fixing it in 3 months?

    Hmmm. Maybe they were busy working on Half-Life 2? ;)

    Seriously, though: considering Half-Life's age, I find it amazing it got patched at all! Half-Life was released at the end of 1998, making it almost 5 years old. I can't think of many other games (or even applications, for that matter) that still get support after such a length of time.

    --
    "Yeah, well, Dracula called and he's coming over tonight for you and I said okay."
  2. Re:Not good enough by Hard_Code · · Score: 4, Interesting

    "They still haven't fixed VAC (valve anti-cheat) so wine users can play Half-Life."

    And why should they burn money supporting a niche customer base which either 1) won't pay for software or 2) already has a copy of the windows version of a game that is OVER FIVE YEARS OLD? There are like, 3 people that play half life through wine.

    "This doesn't stop them from assuming Linux fans will host their games via dedicated servers though. I'm still a little pissed off that they think Linux is good enough to host their games but not worthy of a client."

    They don't assume shit. Linux is a popular server operating system that is run by MANY hosting services, so naturally they would port the dedicated server to linux. The dedicated server is much easier to port than the full blown client with graphics (duh).

    "This is just more of the same old excellent community support from Valve."

    Let's see:

    * publish half life sdk with tools, source, and documentation
    * maintain strong mod community relationships with valve-erc website
    * support popular mods: socially, technically, financially, etc.
    * listen to the incessant bitching of every kiddie who wants something for nothing

    Yeah, I'd say it is excellent support. Quityerbitchin.

    --

    It's 10 PM. Do you know if you're un-American?
  3. Patch Status by BrookHarty · · Score: 4, Insightful

    When I saw the news on Bugtraq, I posted the information on planethalflife forums and a few other places. Was rather surprised that nobody posted it on the HL forums.

    And all those "HL is old" posts, "let it die", are posted by morons. CompUSA has HL selling for 45 bux for the entire collection. They are selling the collections and still making money! The Mods alone make the HL series worth the money. Day of Defeat just came out, and it rocks, the mod even made its own release like CounterStrike.

    Gamespy reports that 27,000+ HL servers are running, compare that to Tribes at 700. The game is STILL selling, no reason not to patch an active cash cow. I respect Valve for supporting us, after a bad experience on Tribes2 support, Sierra needs some good karma.

    BTW, Natural Selection HL mod rocks. Too bad it's not well known. (Think AVP+Tribes+CC+WC3)