PivX Solutions, a leader in Security Research & Responsible Disclosure announces the release of 3 buffer-overflow vulnerability advisories discovered by Luigi Auriemma, a senior security researcher for PivX Solutions, LLC. PivX also has released a free fix called '[url="http://www.pivx.com/preparationv/"]Preparation V[/url]' to reduce the aggravation these bugs can cause & to protect users.
Currently, no fix is available from Valve. PivX & its researchers initially alerted Valve of this problem over 3 months ago on April 14th of 2003 at which time Valve's representatives informed PivX that a patch was in the works. Due to the severity of these vulnerabilities, PivX waited much longer than the industry standard of 30 days for a patch to be created & distributed by the vendor. However, after 100 days & no patch or fix from Valve, despite repeated inquiries, PivX has decided to release these vulnerabilities with their free fix that can be downloaded at [url="http://www.pivx.com/preparationv/"]www.pivx.com/preparationv[/url].
[url="http://www.pivx.com/press_releases/valve_release01.html"]Full advisory here[/url]. Note - This update need only be applied to game servers, not to client machines.