[void.at Security Advisory VSA0305]
HLTV offers the ability to have thousands of spectators watch online games on Half-Life-servers.
By sending a specially crafted packet to the hltv-server, an attacker can cause the server to crash.
Affected: the HLTV server that comes with hlds 220.127.116.11; possibly others.
Medium. The remote server simply crashes.
Packets querying things like player status, etc., always start with \xff\xff\xff\xff, followed by a query command, and are terminated by a \0.
When you simply send \xff\xff\xff\xff\0 to the server, it crashes.
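An added example, not part of the advisory and not vendor code: a C validator for the query format described above that rejects the empty-command packet before any command handling runs. The function and enum names are hypothetical and "status" is a placeholder command; the advisory does not state the cause of the crash, so this shows only input validation for the stated format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; not taken from the HLTV/hlds code base. */
enum query_status { QUERY_OK, QUERY_BAD_ARGS, QUERY_TOO_SHORT, QUERY_BAD_HEADER,
                    QUERY_UNTERMINATED, QUERY_EMPTY_COMMAND, QUERY_TOO_LONG };

/* Validate one UDP payload in the format the advisory describes:
 * ff ff ff ff, a query command, a terminating NUL. On QUERY_OK the
 * command is copied into cmd as a C string. */
enum query_status parse_query(const uint8_t *pkt, size_t len,
                              char *cmd, size_t cmd_size)
{
    static const uint8_t header[4] = { 0xff, 0xff, 0xff, 0xff };
    const uint8_t *body, *nul;
    size_t cmd_len;
    if (pkt == NULL || cmd == NULL || cmd_size == 0)
        return QUERY_BAD_ARGS;
    if (len < sizeof header)
        return QUERY_TOO_SHORT;
    if (memcmp(pkt, header, sizeof header) != 0)
        return QUERY_BAD_HEADER;
    body = pkt + sizeof header;
    /* Search only inside the datagram; never trust a terminator to exist. */
    nul = memchr(body, '\0', len - sizeof header);
    if (nul == NULL)
        return QUERY_UNTERMINATED;
    cmd_len = (size_t)(nul - body);
    if (cmd_len == 0)              /* ff ff ff ff 00: the advisory's packet */
        return QUERY_EMPTY_COMMAND;
    if (cmd_len >= cmd_size)
        return QUERY_TOO_LONG;
    memcpy(cmd, body, cmd_len);
    cmd[cmd_len] = '\0';
    return QUERY_OK;
}

int main(void)
{
    /* Constructed sample payloads; "status" is a placeholder command. */
    const uint8_t empty[] = { 0xff, 0xff, 0xff, 0xff, 0x00 };
    const uint8_t query[] = { 0xff, 0xff, 0xff, 0xff, 's','t','a','t','u','s', 0x00 };
    char cmd[32];
    printf("empty: %d\n", parse_query(empty, sizeof empty, cmd, sizeof cmd));
    printf("query: %d\n", parse_query(query, sizeof query, cmd, sizeof cmd));
    return 0;
}
```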
Vendor patch needed!
Come on :-)
void.at everyone who was at 19c3