Info

Disclosure

Jun 18, 2004

Discovery

May 24, 2004

Dates

Exploit

Jun 18, 2004

Solution

Unknown

Description

The Unreal Engine contains a flaw that may be exploited by a malicious user to cause a buffer overflow. The issue is triggered when a remote attacker sends an excessively long value to a game server via the GameSpy 'secure' query protocol. It is possible that the flaw may allow remote code execution or denial of service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public, Exploit Commercial

Solution

Upgrade to UnrealTournament 2004 version 3236 or higher, as it has been reported to fix this vulnerability. There are no other upgrades or patches known to fix the vulnerability at this time. It may be possible to correct the flaw or prevent exploitation by implementing one or more workaround(s). Links are provided as Other Solution URL's in the external references section.

Products

Epic Games, Inc.

Unreal Engine

Unknown or Unspecified

References

Security Tracker: 1010535
Bugtraq ID: 10570
Secunia Advisory ID: 11900 12091
ISS X-Force ID: 16451
CVE ID: 2004-0608 (see also: NVD)
SCIP VulDB ID: 722
Keyword: epic UDP port 7777 UDP port 7787
Other Advisory URL: http://aluigi.altervista.org/adv/unsecure-adv.txt
http://www.securiteam.com/windowsntfocus/5BP0P0AD5W.html
Other Solution URL: http://aluigi.altervista.org/adv/unsecure-adv.txt
http://archives.neohapsis.com/archives/bugtraq/2004-06/0375.html
http://isc.sans.org/diary.php?date=2004-06-22
http://www.gdries.com/IpServer.u
Generic Exploit URL: http://immunitysec.com
Packet Storm: http://packetstormsecurity.org/0406-advisories/unrealCodeExec.txt
http://packetstormsecurity.org/0406-exploits/unsecure.zip
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/7217