2008 July 31 « Smokey's Security Weblog

Highly Critical Vulnerabilities Reported in Unreal Tournament 3

Secunia, a vulnerability intelligence provider, reported today two highly critical vulnerabilities in Unreal Tournament 3 versions 1.2 and 1.3beta4. The vulnerabilities were discovered by Luigi Auriemma.

Vulnerability 1: a problem in the handling of a specific type of packet. In this particular type of packet there is a 16 bit field which specifies the size of the data that follows and if this string is longer than about 172 bytes a memory corruption will occur allowing an attacker to control various registers which could allow the execution of malicious code.

Successful exploitation may allow execution of arbitrary code.

Vulnerability 2: if the amount of data about talked previously is bigger than the total size of the packet the string will not be read and a NULL pointer exception will occur. This type of bug is easily recognizable on the server because the message “Error: Attempted to multiply free a voice packet” is displayed before the crash when the malformed packet is received.

Both vulnerabilities are unpatched, therefore use UT3 in trusted network environments only.

July 31, 2008 Posted by Smokey | Advisories, Alerts, Malware, Security, Vulnerabilities | arbitrary code, bugs, execution malicious code, malformed packets, memory corruption, Unreal Tournament 3, Vulnerabilities | 1 Comment

Introduction

.
Welcome to Smokey’s Security Weblog!

Let’s introduce myself: my (nick)name is Smokey aka Smokey Bear.

Like my board Smokey’s Security Forums, this blog is mainly devoted to Security and all related issues. However, other issues like e.g. major occurances on my forum and social topics will be blogged too.

My board offer free security and malware related Support, Help, Advice and Education forums, however is not limited to such issues. Smokey’s have also forums with comprehensive Microsoft Windows related issues like Microsoft and Windows OS Based Products News, MS Download Center, MSDN Developer Information, software reviews, browser and tools forums, Webware, Social Networks info, Hardware- and Gadgets forums and last but not least a dedicated Windows Drivers, Linux Drivers, Firmware and BIOS Survey & Updates section containing (recently) released Drivers, Firmware and BIOSses, Windows 7 releases included. Note: most info on Smokey’s is real-time and therefore always up-to-date.

As extra service we have a OTL (formerly OTListIt2) Log Analyzing and Malware Removal/Cleaning Help Forum, full qualified OTL Log Analysers/Malware Hunters will be pleased to help you for free to clean your malware infected PC.

We are hosting and maintaining the Official Jetico Inc. Support Forums, including the following products:

- Jetico Personal Firewall V1
- Jetico Personal Firewall V2
- Jetico BestCrypt for Windows
- Jetico BestCrypt for Linux
- Jetico BestCrypt Volume Encryption
- Jetico BCArchive
- Jetico BCWipe for Windows
- Jetico BCWipe for UNIX

Disclaimer: information in this blog can be based on (not confirmed) statements of (anonymous) sources, Smokey’s Security Weblog don’t take any responsabilty for the credibility of these sources and their statements.

The posts/articles in this blog can be supplemented with so called “Possibly related posts” links. Because these links are automatically generated by WordPress.com, Smokey’s Security Weblog have no influence on the links itself and/or content of them. Therefore this Weblog don’t take any responsability for these links and all related issues.

About Copyright and this Blog: it is allowed to reproduce (parts of) posts in this blog if this reproduction is provided with a direct link to the original blog post. It is NOT allowed to copy, use and/or reproduce any image or blog banner.

Blog comments policy: to restrain indecent and off-topic comments and spam, comments are reviewed before publishing. Therefore, delay in comment publishing is unavoidable. Obligatory language of comments is English.
.