Gentoo Archives: gentoo-announce

From: Thierry Carrez <koon@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200407-14 ] Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
Date: Mon, 19 Jul 2004 20:55:12
Message-Id: 40FC34CA.2040201@gentoo.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200407-14
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Unreal Tournament 2003/2004: Buffer overflow in 'secure'
            queries
      Date: July 19, 2004
      Bugs: #54726
        ID: 200407-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Game servers based on the Unreal engine are vulnerable to remote code
execution through malformed 'secure' queries.

Background
==========

Unreal Tournament 2003 and 2004 are popular first-person-shooter games.
They are both based on the Unreal engine, and can be used in a game
server / client setup.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  games-fps/ut2003                <= 2225-r2             >= 2225-r3
  2  games-server/ut2003-ded         <= 2225-r1             >= 2225-r2
  3  games-fps/ut2004                < 3236                 >= 3236
  4  games-fps/ut2004-demo           <= 3120-r3             >= 3120-r4
    -------------------------------------------------------------------
     4 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

The Unreal-based game servers support a specific type of query called
'secure'. Part of the Gamespy protocol, this query is used to ask if
the game server is able to calculate an exact response using a provided
string. Luigi Auriemma found that sending a long 'secure' query
triggers a buffer overflow in the game server.

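The length check whose absence the description implies, as an added
example (not code from this advisory, from the Unreal engine or from
Luigi Auriemma's advisory). The backslash-delimited "\secure\<value>"
layout, the SECURE_MAX limit and the function name parse_secure are
assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SECURE_MAX 32 /* assumed limit; the page gives no buffer size */

/* Copy the value of a "\secure\<value>" field out of one UDP datagram.
 * Returns its length, or -1 if missing, empty or longer than SECURE_MAX.
 * pkt need not be NUL-terminated; out must hold SECURE_MAX + 1 bytes.
 * This replaces an unbounded strcpy() of the value into a fixed buffer. */
int parse_secure(const unsigned char *pkt, size_t pkt_len, char *out)
{
    static const char key[] = "\\secure\\";
    const size_t key_len = sizeof(key) - 1;
    size_t i, start, n;
    if (pkt == NULL || out == NULL || pkt_len < key_len)
        return -1;
    /* Find the key without reading past the datagram. */
    for (i = 0; i + key_len <= pkt_len; i++)
        if (memcmp(pkt + i, key, key_len) == 0)
            break;
    if (i + key_len > pkt_len)
        return -1;
    start = i + key_len;
    /* The value ends at the next backslash, a NUL, or the datagram end. */
    for (n = 0; start + n < pkt_len; n++) {
        if (pkt[start + n] == '\\' || pkt[start + n] == '\0')
            break;
        if (n >= SECURE_MAX)
            return -1; /* over-long: reject before any copy happens */
    }
    if (n == 0)
        return -1;
    memcpy(out, pkt + start, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed sample datagrams, not captured traffic. */
    const char ok[] = "\\secure\\ABCDEF";
    unsigned char big[8 + 200];
    char out[SECURE_MAX + 1];
    memcpy(big, "\\secure\\", 8);
    memset(big + 8, 'A', sizeof(big) - 8);
    printf("normal: %d\n", parse_secure((const unsigned char *)ok, strlen(ok), out));
    printf("long:   %d\n", parse_secure(big, sizeof(big), out));
    return 0;
}
```
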
Impact
======

By sending a malicious UDP-based 'secure' query, an attacker could
execute arbitrary code on the game server.

Workaround
==========

Users can avoid this vulnerability by not using Unreal Tournament to
host games as a server. All users running a server should upgrade to
the latest versions.

Resolution
==========

All Unreal Tournament users should upgrade to the latest available
versions:

    # emerge sync

    # emerge -pv ">=games-fps/ut2003-2225-r3"
    # emerge ">=games-fps/ut2003-2225-r3"

    # emerge -pv ">=games-server/ut2003-ded-2225-r2"
    # emerge ">=games-server/ut2003-ded-2225-r2"

    # emerge -pv ">=games-fps/ut2004-3236"
    # emerge ">=games-fps/ut2004-3236"

    # emerge -pv ">=games-fps/ut2004-demo-3120-r4"
    # emerge ">=games-fps/ut2004-demo-3120-r4"

References
==========

  [ 1 ] Luigi Auriemma advisory
        http://aluigi.altervista.org/adv/unsecure-adv.txt
  [ 2 ] CAN-2004-0608
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0608

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200407-14.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA/DTKvcL1obalX08RAgTuAJ9OO9liZjNIe+ppMH6VJDMu2jN2kgCdFiqG
vW8WTs/dUn4uk79cCI5AIi0=
=Ml07
-----END PGP SIGNATURE-----