Security Flaw in Unreal Engine Games! View next topic View previous topic  Unreal Ops Forum Index » Unreal Ops News Comments Author Message Raven UO Staff Joined: 19 May 2003 Posts: 2235 Location: Clyde, Ohio Posted: Wed Jun 23, 2004 11:39 am Server admins need to patch their servers now! (if patches are available that is....) Quote: Unreal Engine Heap Overflow: A heap overflow has been found in the Unreal Engine that is exploitable against machines running many Unreal based games in server mode. Although we have no reports of exploits being used in the wild, it is believed that exploiting this vulnerability to remotely execute code is possible. We recommend that anyone serving one of the vulnerable games based on the Unreal Engine install patches as soon as they become available. Until patches are available, the only secure recourse is to block all UDP traffic to ports 7777 and 7787 (which will, effectively, keep you from acting as a game server). Limiting access to ports 7777 and 7787 to known IPs is not an effective defense because this is a UDP based attack and packets can be spoofed. Man i hope this isnt going to be as bad as it sounds.... Thx Caleb for the heads up! For more information, including games affected, see http://secunia.com/advisories/11900/ Burgess UO Staff Joined: 17 May 2003 Posts: 542 Location: Almost Heaven WV, USA Posted: Wed Jun 23, 2004 12:00 pm Nice post Raven and nice tip Caleb! _________________ "Power without perception is spiritually useless and therefore of no true value." - Ryuukin Father to Ken, Jagi, and Raoh barbos Ultimate Fanboy Joined: 18 May 2003 Posts: 508 Posted: Wed Jun 23, 2004 12:46 pm Quote: The vulnerability has been addressed in Unreal Tournament 2004 (build 3236 and later). For more information, including games affected, see http://secunia.com/advisories/11900/ Burgess UO Staff Joined: 17 May 2003 Posts: 542 Location: Almost Heaven WV, USA Posted: Wed Jun 23, 2004 1:05 pm Nice barbos I added that on the main page _________________ "Power without perception is spiritually useless and therefore of no true value." - Ryuukin Father to Ken, Jagi, and Raoh Cheetah Ultimate Fanboy Joined: 25 Aug 2003 Posts: 2831 Location: Halfway between the gutter and stars. Posted: Wed Jun 23, 2004 1:43 pm Quote: Man i hope this isnt going to be as bad as it sounds.... it is.. it says Highly Critical on the site.. sounds bad.. very bad... _________________ <CrashOverwrite> ask Raven cause he nevaR knows anything. <Cheetah01> hes nevaR here either <CrashOverwrite> true <Rachel> JaFO Guest Posted: Thu Jun 24, 2004 2:50 am So this isn't a repost of the same message/warning from last year ? Scumgrief UO Noob Joined: 23 Jun 2003 Posts: 25 Posted: Thu Jun 24, 2004 8:40 am I don't think so JaFO. It seems to have been updated rather recently. Sounds like the latest UT2004 patch solves the problem for 2k4, but other games are still at risk _________________ Display posts from previous: All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 Year Oldest FirstNewest First   Unreal Ops Forum Index » Unreal Ops News Comments   Jump to: Select a forum Unreal Ops Forums----------------Unreal Ops Soap BoxUnreal SeriesUnreal Tournament SeriesUnreal Engine GamesUnreal ModsUnreal MappingUnreal Ops News Comments Unreal Mods----------------UT Series CBP ForumsHollow MoonUETF Chronicles Non-Unreal Game Forums----------------Halo 2Half Life 2Dark SectorPariahDoom 3Tribes: Vengeance  View next topic View previous topic

Powered by phpBB © 2001, 2005 phpBB Group :: Theme zoneCopper designed by yassineb.