Welcome, Guest. Please login or register. Did you miss your activation email?

Author Topic: (PSA) New Source Engine 2013 Exploit, will fuck your shit up.  (Read 2922 times)

0 Members and 1 Guest are viewing this topic.

Offline Theuaredead`

  • *
  • *
  • +1% chance to make useful post
  • Theuaredead` has no influence.
(PSA) New Source Engine 2013 Exploit, will fuck your shit up.
« on: September 06, 2015, 03:25:08 PM »
Recently, an exploit in the Source Base 2013 MP branch has been discovered. It's an exploit that allows people to hijack into servers and inject files to said server and make the server download said files to your PC, along with spoofing servers to download said files into your computer. So what exactly does this exploit do?

- Steals your items
- Hacks your account
- VAC bans you
- and possibly more.

Players of CS:GO and TF2 should not be scared of this issue, as these are games Valve still patches, and this was patched ages ago. But if you read a previous announcement, I mentioned that Valve abandoned the Source Base 2013 updating project in about 2013 along with the games running on it. Meaning games like: CS:S, DOD:S, HLDMS, and more are effected, along with free to play Source Base mods running on the same engine, such as: NMRIH, TF2:C, Fistful of Frags, Fortress Forever, and more.

So please, avoid until Valve patches (if they even do, they might patch the mod engine, but not their games, especially HLDMS)

I recommend sharing this info with your friends, family, and peers so people can avoid loosing their accounts.

I shameless stole this from my own group:
http://steamcommunity.com/groups/Left4DeadZero#announcements/detail/74662325845478496

Offline Comrade

  • *
  • *
  • +11% chance to make useful post
  • Comrade might someday be someone...Comrade might someday be someone...Comrade might someday be someone...Comrade might someday be someone...
Re: (PSA) New Source Engine 2013 Exploit, will fuck your shit up.
« Reply #1 on: September 06, 2015, 04:55:53 PM »
Now this is actually pretty concerning.

Offline Theuaredead`

  • *
  • *
  • +1% chance to make useful post
  • Theuaredead` has no influence.
Re: (PSA) New Source Engine 2013 Exploit, will fuck your shit up.
« Reply #2 on: September 08, 2015, 11:59:27 PM »
Source Base 2013 recieving patch for exploit, and some games too.

keyword is some games.

Around the time that people discovered that Source 2013 has an exploit that was never patched, people ran to Valve, and Valve was like "oh shit we need to fix this" and well, as I am telling you right now, they've released a patch to the beta depot of Source Base 2013.

They sent out this email on the HLDS mailing list:

Quote
We've released a beta update for the Source SDK Base 2013 Multiplayer depot. The updated depots include several security fixes. The name for the beta branch is "beta_test". If you're running a game that depends on the Source SDK Base 2013 Multiplayer tool, please give the beta a try and report any problems. You can email me directly with any problems you find.

   * Clients can opt-in to the beta using the Betas tab of the Properties dialog for the Source SDK Base 2013 Multiplayer tool (select "beta_test" in the dropdown menu)

   * Dedicated servers can find information about how to use a beta here:
   https://developer.valvesoftware.com/wiki/SteamCMD

We're also working on updates for Counter-Strike: Source, Day of Defeat: Source, and Half-Life 2: Deathmatch. We'll have more information about those soon.

Thanks.

-Eric

See some stuff missing here at the end? I bet you dooooo.

There's no mention of L4D, L4D2, or HLDMS.
Half-Life: Deathmatch Source is known to have this exploit present, but L4D and L4D2 are unknown if they do or not. L4D most likely doesn't have this patched out, but L4D2 I just couldn't find any documentation about it being patched out (since TF2 and CSGO had this patched out in 2014, and every Source game was patched to be on the same engine in 2013, which in the same year they canned the project and only TF2, CSGO, Dota 2, and to a point L4D2 were still patched after the fact) in the L4D Blog.

I wouldn't worry so much on L4D2, they'll probably patch it out, but for L4D (assuming it hasn't) and especially HLDMS, there's a great chance they will never get patched to relieve that exploit.

So beware, those games might still be exploitable.

Also, pester Valve to update L4D and L4D2 if they haven't already, I wouldn't recommend pestering Valve about HLDMS and HL1S since, well, there's more than the exploit wrong with them.

I also copied and pasted this from what I wrote on the L4D Zero page 8)
http://steamcommunity.com/groups/Left4DeadZero#announcements/detail/73537060975185970