From lazykang@hotmail.com  Sat Aug  9 09:41:34 2003
Return-Path: <lazykang@hotmail.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id D59C937B401; Sat,  9 Aug 2003 09:41:34 -0700 (PDT)
Received: from hotmail.com (bay8-f126.bay8.hotmail.com [64.4.27.126])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 3432B43FF2; Sat,  9 Aug 2003 09:41:34 -0700 (PDT)
	(envelope-from lazykang@hotmail.com)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
	 Sat, 9 Aug 2003 09:41:34 -0700
Received: from 61.149.55.17 by by8fd.bay8.hotmail.msn.com with HTTP;
	Sat, 09 Aug 2003 16:41:33 GMT
Message-Id: <BAY8-F126MNFmWAFsTm00006fc9@hotmail.com>
Date: Sun, 10 Aug 2003 00:41:33 +0800
From: "Kang Liu" <lazykang@hotmail.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc: pat@freebsd.org, kris@freebsd.org
Subject: Potential high risk security problem in ports/games/halflifeserver

>Number:         55424
>Category:       ports
>Synopsis:       Potential high risk security problem in
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pat
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Aug 09 09:50:16 PDT 2003
>Closed-Date:    Sat Aug 09 13:26:23 PDT 2003
>Last-Modified:  Sat Aug 09 13:26:23 PDT 2003
>Originator:     Kang Liu
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
Beijing University of Technology
>Environment:
System: FreeBSD testipfw.bjpu.edu.cn 5.1-CURRENT FreeBSD 5.1-CURRENT #8: Mon 
Aug 4 23:37:18 CST 2003 root@testipfw.bjpu.edu.cn:/usr/obj/usr/src/sys/IPFW 
i386
>Description:
There might be a serious security problem(remote shell) in 
ports/games/halflifeserver.
The exploit has been posted on bugtraq: 
http://www.securityfocus.com/archive/1/331941
I do not have halflife's game disc or bin, so I can not test if it is really 
work or not.
>How-To-Repeat:
n/a
>Fix:
mark as FORBIDDEN temporarily?

_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 2 months FREE*. 
http://join.msn.com/?page=features/featuredemail

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->pat  
Responsible-Changed-By: krion 
Responsible-Changed-When: Sat Aug 9 11:01:58 PDT 2003 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55424 
State-Changed-From-To: open->closed 
State-Changed-By: pat 
State-Changed-When: Sat Aug 9 13:25:49 PDT 2003 
State-Changed-Why:  
Update to 3.1.1.1.d should resolve this. Thanks for your submission. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=55424 
>Unformatted:
 >ports/games/halflifeserver
