- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 14414
- Проверка EDB
-
- Пройдено
- Автор
- LUIGI AURIEMMA
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2010-07-20
Код:
#Original Advisory: http://aluigi.org/adv/ut3steamer-adv.txt
#
#######################################################################
Luigi Auriemma
Application: Unreal Tournament III
http://www.unrealtournament3.com
Versions: <= 2.1 (aka 3809)
Platforms: Windows (tested) and Linux
Bug: unitialized pointer
Exploitation: remote, versus server
Date: 17 Jul 2010
Author: Luigi Auriemma
e-mail: [email protected]
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Unreal Tournament III is currently the latest game (2007) of the Unreal
series created by Epic Games (http://www.epicgames.com).
#######################################################################
======
2) Bug
======
The game implements a particular command called STEAMBLOB which is
handled in any case even if Steam is not running.
This command accepts three arguments that are C, N and B and just this
last one (doesn't matter what value it has) is the cause of a problem
during the handling of some pointers that are left unitialized.
The effect is the crash of the whole server due to the access to
invalid memory or a NULL pointer.
It's enough only one UDP packet to exploit the vulnerability so there
are no limitations.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/fakep/unrealfp.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14414.zip (unrealfp.zip)
unrealfp -x 2 -c "STEAMBLOB B=" SERVER PORT
#######################################################################
======
4) Fix
======
No fix.
#######################################################################
- Источник
- www.exploit-db.com