GLSA-200407-14 : Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries

critical Nessus Plugin ID 14547

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200407-14 (Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries)

The Unreal-based game servers support a specific type of query called 'secure'. Part of the Gamespy protocol, this query is used to ask if the game server is able to calculate an exact response using a provided string.

Luigi Auriemma found that sending a long 'secure' query triggers a buffer overflow in the game server.

Impact:

By sending a malicious UDP-based 'secure' query, an attacker could execute arbitrary code on the game server.

Workaround:

Users can avoid this vulnerability by not using Unreal Tournament to host games as a server. All users running a server should upgrade to the latest versions.

Solution

All Unreal Tournament users should upgrade to the latest available versions:
# emerge sync
# emerge -pv '>=games-fps/ut2003-2225-r3'
# emerge '>=games-fps/ut2003-2225-r3'
# emerge -pv '>=games-server/ut2003-ded-2225-r2'
# emerge '>=games-server/ut2003-ded-2225-r2'
# emerge -pv '>=games-fps/ut2004-3236'
# emerge '>=games-fps/ut2004-3236'
# emerge -pv '>=games-fps/ut2004-demo-3120-r4'
# emerge '>=games-fps/ut2004-demo-3120-r4'
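To confirm which installed packages are still below the fixed versions listed in this advisory, the comparison can be scripted. This is an added example, not code from the Nessus plugin or the GLSA; the function names and sample atoms are constructed, and version parsing assumes the integer build number plus optional -rN revision that these four packages use.

```shell
#!/bin/sh
# Added example: flag installed packages older than the fixes in GLSA-200407-14.
# Fixed versions come from the advisory's Solution section. Assumption: versions
# are an integer build number with an optional -rN revision (true for these packages).
FIXED='games-fps/ut2003 2225-r3
games-server/ut2003-ded 2225-r2
games-fps/ut2004 3236
games-fps/ut2004-demo 3120-r4'

# split_ver "2225-r3" prints "2225 3"; a missing revision counts as r0.
split_ver() {
    case "$1" in
        *-r[0-9]*) echo "${1%-r*} ${1##*-r}" ;;
        *)         echo "$1 0" ;;
    esac
}

# ver_lt A B: succeeds when version A is older than version B.
ver_lt() {
    set -- $(split_ver "$1") $(split_ver "$2")   # $1=Aver $2=Arev $3=Bver $4=Brev
    [ "$1" -lt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -lt "$4" ]; }
}

# check_atom "category/name-version[-rN]": prints a verdict, returns 1 if vulnerable.
check_atom() {
    atom=$1
    pv=${atom##*/}                       # name-version[-rN]
    case "$pv" in *-r[0-9]*) rev="-r${pv##*-r}"; pv=${pv%-r*} ;; *) rev= ;; esac
    name=${atom%%/*}/${pv%-*}            # category/name (the name may contain hyphens)
    ver=${pv##*-}$rev
    fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
    if [ -z "$fixed" ]; then echo "$atom: not covered by this GLSA"; return 0; fi
    if ver_lt "$ver" "$fixed"; then
        echo "$atom: VULNERABLE (fixed in $fixed)"; return 1
    fi
    echo "$atom: ok"
}

# Constructed sample atoms, in the category/name-version form of an installed-package list.
for a in games-fps/ut2003-2225-r2 games-server/ut2003-ded-2225-r2 \
         games-fps/ut2004-3204 games-fps/ut2004-demo-3120; do
    check_atom "$a" || true
done
```

On a real host, replace the sample loop with the installed-package list, one atom per line.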

See Also

http://aluigi.altervista.org/adv/unsecure-adv.txt

https://security.gentoo.org/glsa/200407-14

Plugin Details

Severity: Critical

ID: 14547

File Name: gentoo_GLSA-200407-14.nasl

Version: 1.19

Type: local

Published: 8/30/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:ut2003, p-cpe:/a:gentoo:linux:ut2003-ded, p-cpe:/a:gentoo:linux:ut2004, p-cpe:/a:gentoo:linux:ut2004-demo, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/19/2004

Vulnerability Publication Date: 6/18/2004

Exploitable With

CANVAS (CANVAS)

Metasploit (Unreal Tournament 2004 "secure" Overflow (Win32))

Reference Information

CVE: CVE-2004-0608

GLSA: 200407-14