Welcome to the new Diaspora forums, please let us know if you see anything broken! Notice: Some users may need to reupload their avatars due to an issue during forum setup!
Source Exploit
Kanzuke
Registered, Moderator Posts: 181
Apparently someone has discovered an exploit in the source engine which makes it possible to send files with any extension to the client or server, including .dll's. It looks like nothing malicious has been done, just crap like this:
But it can also be used to get rcon passwords if they were stored in cfg/server.cfg and has been sending messages over steam and apparently Skype.
It has been patched, but there are still other fixes to just delete the files or change the server settings to stop further propagation. The Gmod update released should make that last one unnecessary, but it does prevent other exploits. I don't know if the update will clear out any downloaded files like the batch file in the first link, but my guess is if you were playing on mainstream servers in the last ~8 hours you might have downloaded something
This is a source exploit, so while Gmod has been patched, it may take Valve a while to fix their other source games, so I guess be wary of TF2 and CS severs as well.
The Facepunch threads have more information from people who know more about this than me if you want the full story.
But it can also be used to get rcon passwords if they were stored in cfg/server.cfg and has been sending messages over steam and apparently Skype.
It has been patched, but there are still other fixes to just delete the files or change the server settings to stop further propagation. The Gmod update released should make that last one unnecessary, but it does prevent other exploits. I don't know if the update will clear out any downloaded files like the batch file in the first link, but my guess is if you were playing on mainstream servers in the last ~8 hours you might have downloaded something
This is a source exploit, so while Gmod has been patched, it may take Valve a while to fix their other source games, so I guess be wary of TF2 and CS severs as well.
The Facepunch threads have more information from people who know more about this than me if you want the full story.
Lambda217: oh oh i am kanzuke and i love my little pony and now i'll make all the brandonphysics myself cause i know fuckin everything because now i'll make a big pony fighter drone squad and a big fuckin portal ship and i am a fuckin idiot
Comments
Lλmbdλ: donations for coding the space future of diaspora :>
Get your extra long EVE trial here!