• In diretta da GamesVillage.it
    • News
    • -
    • In Evidenza
    • -
    • Recensioni
    • -
    • RetroGaming
    • -
    • Anteprime
    • -
    • Video
    • -
    • Cinema

Visualizzazione risultati da 1 a 3 di 3

Discussione: Ut Errore!!!!

Cambio titolo
  1. #1
    Rivoluzionario L'avatar di Gendo Ikari
    Registrato il
    03-03
    LocalitÓ
    Neo Tokyo 3
    Messaggi
    6.197

    Ut Errore!!!!

    E' stato rilevato un grosso errore di sicurezza nell'Unreal Engine. Leggete.

    http://aluigi.altervista.org/adv/unsecure-adv.txt

    Luigi Auriemma

    Application: Unreal Engine
    http://unreal.epicgames.com
    Vulnerable games:
    - DeusEx <= 1.112fm
    - Devastation <= 390
    - Mobile Forces <= 20000
    - Nerf Arena Blast <= 1.2
    - Postal 2 <= 1337
    - Rune <= 107
    - Tactical Ops <= 3.4.0
    - TNN Pro Hunter (?)
    - Unreal 1 <= 226f
    - Unreal II XMP <= 7710
    - Unreal Tournament <= 451b
    - Unreal Tournament 2003 <= 2225
    - Unreal Tournament 2004 < 3236
    - Wheel of Time <= 333b
    - X-com Enforcer
    NOT vulnerables:
    - America's Army
    - Dead man's hand
    - Magic Battlegrounds
    - Rainbow Six: Raven Shield
    - Splinter Cell: Pandora tomorrow
    - Star Trek: Klingon Honor Guard
    - Unreal Tournament 2004 >= 3236
    - XIII
    Platforms: Windows, Linux and MacOS
    Bug: memory overwriting with possible code execution
    Risk: critical
    Exploitation: remote, versus servers
    Date: 18 June 2004
    Author: Luigi Auriemma
    e-mail: [email protected]
    web: http://aluigi.altervista.org



    1) Introduction
    2) Bug
    3) The Code
    4) Fix



    ===============
    1) Introduction
    ===============


    The Unreal engine is the famous game engine developed by EpicGames and
    currently is the most used in the videogames world.
    Who doesn't know the great Unreal series???


    ======
    2) Bug
    ======


    Almost all the games based on the Unreal engine support the "secure"
    query.
    This type of query is part of the so called Gamespy query protocol and
    is used to know if the game server is able to calculate an exact
    response using a provided string:
    http://unreal.epicgames.com/IpServer.htm
    http://aluigi.altervista.org/papers/gsmsalg.h

    The query is a simple UDP packet like \secure\ABCDEF
    If an attacker uses a long value in his secure query, in the Unreal
    based game server will be overwritten some important memory zones.

    Both remote code execution and spoofing are possibles.


    ===========
    3) The Code
    ===========


    http://aluigi.altervista.org/poc/unsecure.zip

    or send a similar UDP packet to the query port of the game server:

    \secure\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa. ..aaaa


    ======
    4) Fix
    ======


    The bug has been noticed to EpicGames the 24 May 2004.
    Currently only UnrealTournament 2004 has been fixed with the recent
    3236 patch.
    Check the homepages of the other vulnerable games for possible future
    fixes.

    However fixing the problem should be enough simple, at least for who
    has experience with the UnrealScript language.
    In fact the instructions that manage the \secure\ query and pass its
    value to the bugged function are written in UnrealScript code and are
    located in the files IpDrv.u or IpServerver.u (they depend by the used
    engine version).
    Ultima modifica di Gendo Ikari; 4-07-2004 alle 14:25:20
    Viva l'Itaglia!

  2. #2
    Oh my iPod! L'avatar di er patata
    Registrato il
    11-02
    LocalitÓ
    Bari Downtown
    Messaggi
    13.136
    non scarica...

    A volte credo di essere fin troppo nerd. Naa, never too much.
    Vuoi personalizzare l'aspetto del forum di GamesRadar? Clicca qui!
    Consortium.ru 2004 3D Motion Demo, shocking graphics. (QuickTime 60MB)

    Vuoi guadagnare soldi velocemente? Clicca qui!

  3. #3
    Rivoluzionario L'avatar di Gendo Ikari
    Registrato il
    03-03
    LocalitÓ
    Neo Tokyo 3
    Messaggi
    6.197
    Ehm, si legge non si scarica.
    Viva l'Itaglia!

Regole di Scrittura

  • Tu non puoi inviare nuove discussioni
  • Tu non puoi inviare risposte
  • Tu non puoi inviare allegati
  • Tu non puoi modificare i tuoi messaggi
  •