[原文]Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
Local Access Required,
Local / Remote,
Loss of Integrity
Half Life Dedicated Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a malicious user injects format strings into the changelevel command via the system console or rcon. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.