Unreal Tournament Code Vulnarable for hacks

[apex]

Maybe this is old ...I dont know but its disturbing. The code send by the Unreal Tournament game allows hackers to take over your computer.

http://www.nu.nl/news.jsp?n=346539&c=55

 

[SnowCat]

Felerian says:

can you translate it or post a link in english?
would like to know everything about it.

 

[auriel]

who cares.. its only ut2k4 :cool:

 

[SX]

read it correct .....

 

[apex]

who cares.. its only ut2k4 :cool:

no, "its in the latest version Unreal Tournament 2004 aswell as the previous series..."

 

[apex]

on Cnet you can get all the information


www.Cnet.com

 

[apex]

on Cnet you can get all the information


www.Cnet.com

http://news.com.com/Critical+flaw+found+in+game+software/2100-1043_3-5244067.html?tag=nefd.top


google is your friend

 

[IceDragon]

aparently epic made a patch for UT too

/me is too lazy to go out and search it (no hackzor gives a shit bout me anyway )

 

[Lord_tux]

Old yes Apex, These exploits are known for a while... Just not that widespread to the public: Ignorance is bliss
Now that italian dude has released some POC code that any scriptkiddie can use... Thats the most disturbing...

(no hackzor gives a shit bout me anyway )

thats what alot of users think!! Wrong ! Even if u have no special data on ur comp a hacker can use it for any other purpose: DDOS ,spamrelay,... to name a few

 

[Humph]

DDOS is a classic. Anyone can do that if they know how (or they have a little tool that does it for them )

 

[-CrackKing-]

right
so where's the solution(s)?

 

[subZ]

Uninstall UT.

 

[thePROPHET!]

It´s on Bugtraq: http://www.securityfocus.com/bid/10570

*all* Unreal Engines are vulnerable...

 

[Nephilim]

Anyone can do that if they know how

isnt it like this with everything in the world?

 

[deadly]

i know howto get president

sux0rs tho any patch released?

 

[Shinon`]

i know howto get president

u weren't born in the USA or any other country with a President... so u can't get president

 

[AnthraX]

the news item is utter bs, the only thing you can do by abusing this leak is making a server crash. The solution is to replace IPServer.u, replace it by a new file that has the same code but doesn't have the gamespy code (wich is deprecated anyway). You can find a file like this on www.anticheat.co.uk, it's called securevalidate. The exploit doesn't affect clients!

 

[IceDragon]

the news item is utter bs, the only thing you can do by abusing this leak is making a server crash. The solution is to replace IPServer.u, replace it by a new file that has the same code but doesn't have the gamespy code (wich is deprecated anyway). You can find a file like this on www.anticheat.co.uk, it's called securevalidate. The exploit doesn't affect clients!

this guy knows something

 

[Cratos]

this guy knows something

 

['//3iRd(o)]

the news item is utter bs, the only thing you can do by abusing this leak is making a server crash. The solution is to replace IPServer.u, replace it by a new file that has the same code but doesn't have the gamespy code (wich is deprecated anyway). You can find a file like this on www.anticheat.co.uk, it's called securevalidate. The exploit doesn't affect clients!

Uhm, I think you'll find it's the entire udp protocol that's affected, not just a "gamespy specific" section (if there is such a thing).

Looks like we may be seeing a LeagueAS136c anyway; since the udp query/uplink code in that will also have to be updated.