Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
https://exchange.xforce.ibmcloud.com/vulnerabilities/5413
http://www.securityfocus.com/archive/1/141060
http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html