PDA

View Full Version : Query Vunerability Fix


LoKi_DarkAngel
22nd June, 2004, 11:53 PM
It's a security patch for a security hole found by Luigi Auriemma (bug details below).

Many thx to our clanmember JustDoIt for this patch.

Bug
===

Almost all the games based on the Unreal engine support the "secure"
query.
This type of query is part of the so called Gamespy query protocol and
is used to know if the game server is able to calculate an exact
response using a provided string:
http://unreal.epicgames.com/IpServer.htm
http://aluigi.altervista.org/papers/gsmsalg.h

The query is a simple UDP packet like \secure\ABCDEF
If an attacker uses a long value in his secure query, in the Unreal
based game server will be overwritten some important memory zones.

Both remote code execution and spoofing are possibles.