Results 1 to 2 of 2

Thread: Vulnerability Issue within The Unreal Engine

  1. #1
    mutantbass head Lee H's Avatar
    Join Date
    Dec 2003
    Location
    M28, Manchester
    Posts
    14,204
    Thanks
    337
    Thanked
    670 times in 579 posts
    • Lee H's system
      • Motherboard:
      • MSI Z370 Carbon Gaming
      • CPU:
      • Intel i7 8700K Unlocked CPU
      • Memory:
      • 16 GB Corsair Vengeance 3200 LPX
      • Storage:
      • 250GB 960 EVO + a few more drives
      • Graphics card(s):
      • 6GB Palit GTX 1060 Dual
      • PSU:
      • Antec Truepower 750W Modular Blue
      • Case:
      • Corsair 600T White Edition
      • Operating System:
      • Windows 10 PRO
      • Monitor(s):
      • 27" Asus MX279H & 24" Acer 3D GD245HQ + the 3D glasses
      • Internet:
      • Virgin Media

    Vulnerability Issue within The Unreal Engine

    Thought I'd pass this information to you lot so you can get patching to fix this flaw

    Application: Unreal Engine
    http://unreal.epicgames.com
    Vulnerable games:
    - DeusEx <= 1.112fm
    - Devastation <= 390
    - Mobile Forces <= 20000
    - Nerf Arena Blast <= 1.2
    - Postal 2 <= 1337
    - Rune <= 107
    - Tactical Ops <= 3.4.0
    - TNN Pro Hunter (?)
    - Unreal 1 <= 226f
    - Unreal II XMP <= 7710
    - Unreal Tournament <= 451b
    - Unreal Tournament 2003 <= 2225
    - Unreal Tournament 2004 < 3236
    - Wheel of Time <= 333b
    - X-com Enforcer
    NOT vulnerables:
    - America's Army
    - Dead man's hand
    - Magic Battlegrounds
    - Rainbow Six: Raven Shield
    - Splinter Cell: Pandora tomorrow
    - Star Trek: Klingon Honor Guard
    - Unreal Tournament 2004 >= 3236
    - XIII
    Platforms: Windows, Linux and MacOS
    Bug: memory overwriting with possible code execution
    Risk: critical
    Exploitation: remote, versus servers
    Date: 18 June 2004
    Author: Luigi Auriemma
    e-mail: aluigi@altervista.org
    web: http://aluigi.altervista.org


    #######################################################################


    1) Introduction
    2) Bug
    3) The Code
    4) Fix


    #######################################################################

    ===============
    1) Introduction
    ===============


    The Unreal engine is the famous game engine developed by EpicGames and
    currently is the most used in the videogames world.
    Who doesn't know the great Unreal series???


    #######################################################################

    ======
    2) Bug
    ======


    Almost all the games based on the Unreal engine support the "secure"
    query.
    This type of query is part of the so called Gamespy query protocol and
    is used to know if the game server is able to calculate an exact
    response using a provided string:
    http://unreal.epicgames.com/IpServer.htm
    http://aluigi.altervista.org/papers/gsmsalg.h

    The query is a simple UDP packet like \secure\ABCDEF
    If an attacker uses a long value in his secure query, in the Unreal
    based game server will be overwritten some important memory zones.

    Both remote code execution and spoofing are possibles.


    #######################################################################
    ======
    4) Fix
    ======


    The bug has been noticed to EpicGames the 24 May 2004.
    Currently only UnrealTournament 2004 has been fixed with the recent
    3236 patch.
    Check the homepages of the other vulnerable games for possible future
    fixes.

    However fixing the problem should be enough simple, at least for who
    has experience with the UnrealScript language.
    In fact the instructions that manage the \secure\ query and pass its
    value to the bugged function are written in UnrealScript code and are
    located in the files IpDrv.u or IpServerver.u (they depend by the used
    engine version).
    So happy patching guys - if theres ever a good excuse to keep your games up to date then this is it

  2. #2
    Commander Keen
    Join Date
    Nov 2003
    Location
    217.27.240.214
    Posts
    624
    Thanks
    0
    Thanked
    0 times in 0 posts
    Thanks for that. Duly noted.

    One thing though...

    That nerf game.. Is that not that DIRE looking kids simulation of quake !

    What a pointless game. I am surprised to see it used the fine unreal engine because it looked so crap.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Microsoft Support....
    By Devilbod in forum General Discussion
    Replies: 14
    Last Post: 09-04-2007, 02:42 AM
  2. Helped change an engine last night :)
    By Tumble in forum Automotive
    Replies: 4
    Last Post: 06-05-2004, 04:23 PM
  3. Unreal 2
    By retroborg in forum Gaming
    Replies: 21
    Last Post: 07-04-2004, 12:34 AM
  4. sn41g2 wierd reboot issue :(
    By micovwar in forum PC Hardware and Components
    Replies: 7
    Last Post: 17-01-2004, 03:05 PM
  5. Define the cycle of a 4 cylinder engine
    By Zak33 in forum Automotive
    Replies: 11
    Last Post: 09-08-2003, 11:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •