Unreal game engine
Created 2/14/03
Impact
A remote attacker could use the Unreal engine to execute
arbitrary code or cause a denial of service or a distributed
denial of service.
Background
The Unreal engine
is a multi-platform software code base upon which many
different computer games are built.
The Problem
Since the Unreal engine serves no purpose other than to host
games, it usually does not belong in the workplace. The
Unreal engine listens on UDP port 7777, and its implementation
of the network protocol poses several security risks. Since
a single, unauthenticated UDP datagram is all that is
necessary to cause a reply consisting of hundreds of datagrams,
it is possible for a remote attacker to cause a variety of
datagram flooding problems. For instance, by initiating
a sequence of sessions and spoofing the initial datagram
for each session, it is possible to flood any target with
datagrams. Or, by spoofing the initial datagram
such that it appears to come from port 7777 on another
Unreal engine, an attacker could create an endless loop between
the two targets, where large quantities of datagrams are
bounced between the two servers. Furthermore, since lists
of Unreal engine servers are readily available, an attacker
could create a distributed denial-of-service network using
the Unreal engines as agents.
The Unreal engine also contains a vulnerability which could
allow code execution. The format of package files, such as
music, textures, maps, and sound, contains a field which
specifies the length of the name. However, the Unreal engine
does not properly handle negative numbers in this field.
A specially crafted package file could
cause the engine to overwrite large regions of memory,
thus overwriting the return pointer, leading to the execution
of arbitrary code.
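The following C example is added here for illustration and is not code from the Unreal engine or from the advisory. It shows how a parser can validate a signed length field of the kind described above before copying the name. The record layout (a 32-bit little-endian length followed by the name bytes) and the names parse_name and read_le32 are assumptions made for this example, not the real package format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_LENGTH = -2 };

/* Decode a 32-bit little-endian signed integer without relying on host
 * byte order, alignment, or implementation-defined narrowing. */
static int32_t read_le32(const uint8_t *p)
{
    uint32_t v = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                 ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return (v & 0x80000000u) ? (int32_t)(v & 0x7fffffffu) + INT32_MIN
                             : (int32_t)v;
}

/* Hypothetical record layout, constructed for this example:
 *   bytes 0..3  signed 32-bit little-endian name length
 *   bytes 4..   name bytes (not NUL-terminated in the file)
 * Copies the name into out and NUL-terminates it. */
int parse_name(const uint8_t *buf, size_t buf_len, char *out, size_t out_size)
{
    if (buf_len < 4)
        return PARSE_TRUNCATED;

    int32_t len = read_le32(buf);

    /* An upper-bound test alone (len > limit) accepts negative values, and a
     * negative int converted to size_t for a copy becomes a huge count.
     * Reject negatives first, then leave room for the terminator. */
    if (len < 0 || (size_t)len >= out_size)
        return PARSE_BAD_LENGTH;

    /* The claimed length must also fit in what the file actually holds. */
    if ((size_t)len > buf_len - 4)
        return PARSE_TRUNCATED;

    memcpy(out, buf + 4, (size_t)len);
    out[len] = '\0';
    return PARSE_OK;
}
```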
Resolution
Remove the Unreal engine.
Where can I read more about this?
This vulnerability was posted to VulnWatch and was
described in more detail in a paper by PivX Solutions.