Azazel
11th February, 2003, 11:02 PM
As reported on
<a target="_blank" href="http://www.techtv.com/news/security/story/0,24195,3417248,00.html">
TechTV</a> it appears Epic are due to release a security patch sometime tomorrow
to fix the vunerabilities contained within the Unreal code.
These affect all Unreal engine based games from the original through to UT2003
and any Unreal engine licensed game.
Click read more for the rest of the story ...A list of possible vunerabilities are:
Local and remote denial of service.
Distributed denial of service (flooding remote computers with data packets
to freeze it).
Bounce attacks with spoofed UDP packets. (This is how attackers can flood
a server without using all of their bandwidth. It creates a data transfer loop
within the targeted computer.)
Fake players can exclude others on a game server.
Most importantly the holes could allow the execution of malicious code on
a targeted computer.
The group who found the holes claim they were in touch with Epic before last
November and recently posted code to perform attacks on these vunerabilities.
Since the code was posted (around a week ago) Epic have responded with test
patches which should culminate with a fix possible tomorrow.
As soon as we hear about the fix going public we will post about
<img title=":thumbup:" alt=":thumbup:" src="modules/Forums/images/smiles/thumb.gif" border="0" width="25" height="18" align="top">
<a target="_blank" href="http://www.techtv.com/news/security/story/0,24195,3417248,00.html">
TechTV</a> it appears Epic are due to release a security patch sometime tomorrow
to fix the vunerabilities contained within the Unreal code.
These affect all Unreal engine based games from the original through to UT2003
and any Unreal engine licensed game.
Click read more for the rest of the story ...A list of possible vunerabilities are:
Local and remote denial of service.
Distributed denial of service (flooding remote computers with data packets
to freeze it).
Bounce attacks with spoofed UDP packets. (This is how attackers can flood
a server without using all of their bandwidth. It creates a data transfer loop
within the targeted computer.)
Fake players can exclude others on a game server.
Most importantly the holes could allow the execution of malicious code on
a targeted computer.
The group who found the holes claim they were in touch with Epic before last
November and recently posted code to perform attacks on these vunerabilities.
Since the code was posted (around a week ago) Epic have responded with test
patches which should culminate with a fix possible tomorrow.
As soon as we hear about the fix going public we will post about
<img title=":thumbup:" alt=":thumbup:" src="modules/Forums/images/smiles/thumb.gif" border="0" width="25" height="18" align="top">