Announcement

Collapse
No announcement yet.

Format string bug in EpicGames Unreal engine

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • replied
    <bump>

    Leave a comment:


  • replied
    ...

    i can give you an official word on that one, it works

    Leave a comment:


  • replied
    Any chance of an official word on this?

    Leave a comment:


  • replied
    They urgently need to stick up a proper bug reporting mechanism for security issues. An install of bugzilla for the entire unreal engine would be :up:

    Leave a comment:


  • replied
    BUMP

    Leave a comment:


  • replied
    yes your memory is correct. I posted about this advisory over on the UT-IGL forums and in the thread have links to some of the historical information (specifically a link to Mark Rein's apology email).

    Instagib.com discussion of latest UT vulnerability

    As I mentioned in the other thread, I haven't tested the network proxy code but using the INI test, I verified UT v451, UT2003 Demo (2206) and America's Army v2.0 to be open to the fault. UT2004 Demo ran fine.

    EDIT: Saying the same thing twice in one sentence is BRILLIANT! Also it helps to learn to spell.

    Leave a comment:


  • replied
    Don't I remember this happening before? There was a security flaw in the engine and Epic ignored it for ages. Somone from Epic later admitted it was their fault for not doing anything about it for so long. Now it's happening again?

    Leave a comment:


  • replied
    Snippet 2


    This bug was signaled to EpicGames EXACTLY the 2th September 2003 (today is the 10th March so over 6 months ago) but at the beginning it was underrated and was taken a bit more seriously only at November.




    hhmmm thats dosnt sound like epic

    Leave a comment:


  • started a topic Format string bug in EpicGames Unreal engine

    Format string bug in EpicGames Unreal engine

    The problem is a format string bug in the Classes management. Each time a client connects to a server it sends the names of the objects it uses (called classes). If an attacker uses a class name containing format parameters (as %n, %s and so on) he will be able to crash or also to execute malicious code on the remote server. This proof-of-concept is a proxy server able to modify the Unreal packets in real-time allowing the insertion of "%n" into the class names sent by the client to the server causing the r-emote crash. It should be compatible with any game based on the Unreal engine and requires the same game running on the server to be used.

    A snippet
    About UT and UT2003
    EpicGames refused to release a quick-fix for UnrealTournament and UnrealTournament 2003 so the fix was inserted in the planned patch as they do for graphic bugs and other small problems... the patch has not been released yet and is impossible to know when it will be ready.
    QUICK FIXES ARE THE SOLUTION: SECURITY BUGS ARE *NOT* COMMON BUGS!!!
Working...
X