Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200407-14] Unreal Tournament 2003/2004: Buffer overflow in \'secure\' queries

Vulnerability Assessment Details

[GLSA-200407-14] Unreal Tournament 2003/2004: Buffer overflow in \'secure\' queries
Vulnerability Assessment Summary
Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200407-14
(Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries)


The Unreal-based game servers support a specific type of query called
'secure'. Part of the Gamespy protocol, this query is used to ask if the
game server is able to calculate an exact response using a provided string.
Luigi Auriemma found that sending a long 'secure' query triggers a buffer
overflow in the game server.

Impact

By sending a malicious UDP-based 'secure' query, a possible hacker could execute
arbitrary code on the game server.

Workaround

Users can avoid this vulnerability by not using Unreal Tournament to host
games as a server. All users running a server should upgrade to the latest
versions.

References:
http://aluigi.altervista.org/adv/unsecure-adv.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0608


Solution:
All Unreal Tournament users should upgrade to the latest available
versions:
# emerge sync
# emerge -pv ">=games-fps/ut2003-2225-r3"
# emerge ">=games-fps/ut2003-2225-r3"
# emerge -pv ">=games-server/ut2003-ded-2225-r2"
# emerge ">=games-server/ut2003-ded-2225-r2"
# emerge -pv ">=games-fps/ut2004-3236"
# emerge ">=games-fps/ut2004-3236"
# emerge -pv ">=games-fps/ut2004-demo-3120-r4"
# emerge ">=games-fps/ut2004-demo-3120-r4"


Network Security Threat Level: High


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Gaming PC RTX 3080 Zotac Gaming, AMD Ryzen 7 5800X 3.8 GHz 8- Core Processor picture

Gaming PC RTX 3080 Zotac Gaming, AMD Ryzen 7 5800X 3.8 GHz 8- Core Processor

$850.00


FAST Dell TOUCHSCREEN 8th Gen Intel Quad Core 16GB RAM Pick SSD Wi-Fi BT Win11 picture

FAST Dell TOUCHSCREEN 8th Gen Intel Quad Core 16GB RAM Pick SSD Wi-Fi BT Win11

$199.00


ALLEGIANCE Desktop Computer Gaming PC: Intel 8 Core 128GB RAM, 2TB SSD, GeForce picture

ALLEGIANCE Desktop Computer Gaming PC: Intel 8 Core 128GB RAM, 2TB SSD, GeForce

$687.99


Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ... picture

Intel - Core i9-13900K 13th Gen 24 cores 8 P-cores + 16 E-cores 36M Cache, 3 ...

$689.99


Intel - Core i7-13700K 13th Gen 16 cores 8 P-cores + 8 E-cores 30M Cache, 3.4... picture

Intel - Core i7-13700K 13th Gen 16 cores 8 P-cores + 8 E-cores 30M Cache, 3.4...

$489.99


Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc... picture

Intel - Core i9-12900K Desktop Processor 16 (8P+8E) Cores up to 5.2 GHz Unloc...

$619.99


Apple iMac Pro 2017 27 Inch 5K 3.2 GHz 8-Core Xeon 64GB RAM 1TB Vega picture

Apple iMac Pro 2017 27 Inch 5K 3.2 GHz 8-Core Xeon 64GB RAM 1TB Vega

$1295.00


Intel - Core i5-13600K 13th Gen 14 cores 6 P-cores + 8 E-cores 24M Cache, 3.5... picture

Intel - Core i5-13600K 13th Gen 14 cores 6 P-cores + 8 E-cores 24M Cache, 3.5...

$339.99


Intel NUC Core i7 8th Gen - Mini PC Kit BOXNUC8I7BEH1 picture

Intel NUC Core i7 8th Gen - Mini PC Kit BOXNUC8I7BEH1

$300.00


SONOMA Apple MacBook Pro 16

SONOMA Apple MacBook Pro 16" 5.0GHz i9 8 CORE - 5500M 8GB - 64GB RAM 1TB SSD

$1269.60


Discussions

No Discussions have been posted on this vulnerability.