PDA

View Full Version : Unreal Engine Security advisory


legacy-sourcexx
06-22-2004, 07:06 AM
http://aluigi.altervista.org/adv/unsecure-adv.txt

pplication: Unreal Engine
http://unreal.epicgames.com
Vulnerable games:
- DeusEx <= 1.112fm
- Devastation <= 390
- Mobile Forces <= 20000
- Nerf Arena Blast <= 1.2
- Postal 2 <= 1337
- Rune <= 107
- Tactical Ops <= 3.4.0
- TNN Pro Hunter (?)
- Unreal 1 <= 226f
- Unreal II XMP <= 7710
- Unreal Tournament <= 451b
- Unreal Tournament 2003 <= 2225
- Unreal Tournament 2004 < 3236
- Wheel of Time <= 333b
- X-com Enforcer
NOT vulnerables:
- America's Army
- Dead man's hand
- Magic Battlegrounds
- Rainbow Six: Raven Shield
- Splinter Cell: Pandora tomorrow
- Star Trek: Klingon Honor Guard
- Unreal Tournament 2004 >= 3236
- XIII
Platforms: Windows, Linux and MacOS
Bug: memory overwriting with possible code execution
Risk: critical
Exploitation: remote, versus servers
Date: 18 June 2004
Author: Luigi Auriemma
e-mail: aluigi@altervista.org
web: http://aluigi.altervista.org

--
rgds
marc'O
legacy-shov3l
06-22-2004, 09:02 AM
The bug has been noticed to EpicGames the 24 May 2004.
Currently only UnrealTournament 2004 has been fixed with the recent
3236 patch.

this has been around forever just change port to anything but 7777 if yoiu have a problem
legacy-sourcexx
06-22-2004, 09:08 AM
Huuu? Changing the port will not help at all m8 ;-) Cos you can still send arbitary packets to the new port - it's strongly recommended to upgrade.

rgds
marc'O
elmuerte
06-22-2004, 10:19 AM
disabling the GameSpy uplink feature will fix it for unsecure clients
legacy-wolf31o2
06-30-2004, 08:12 AM
I am responsible for the UT2003 package for Gentoo Linux.

Is there any known workaround that can be implemented on a global scale? For example, are there any settings I could change in an .ini or possibly some UnrealScript I could add to solve this vulnerability?

I would need workarounds for UT2003, UT2003 Demo, UT2003 Dedicated Server, and UT2004 Demo.

Thanks
Wormbo
06-30-2004, 10:15 AM
For the demos and UT2003 Windows versions you will have to disable the Gamespy uplink, for UT2003 Linux there's a beta patch 2225.3 or something available.
legacy-wolf31o2
06-30-2004, 10:44 AM
Right. Being a non-expert at setting up a server, how does one disable the GameSpy uplink via the .ini's?

Also, it is our policy not to add a beta patch until it goes final, so I would have to implement a workaround for retail UT2003 until the patch went gold.
Wormbo
06-30-2004, 12:03 PM
Just find the string "gamespy" in your server's INI. You should find UplinkToGamespy in the [IpDrv.MasterServerUplink] section.
legacy-wolf31o2
07-08-2004, 09:46 AM
Since ut2003 demo doesn't link to gamespy, does that mean it isn't vulnerable/exploitable?