Juniper Networks
Signature Detail

Short Name: APP:GAME:UNREAL-GAMESPY-QP-BOF
Severity: Major
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Unreal Gamespy Query Protocol Buffer Overflow
Release Date: 2004/06/23
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Unreal Gamespy Query Protocol Buffer Overflow


This signature detects attempts to exploit a known vulnerability in the GameSpy query protocol support of the Unreal game engine. Attackers can crash a game server running the Unreal game engine, or execute arbitrary code with the permissions of the user running the server.

Extended Description

Unreal Engine is reportedly prone to a memory corruption vulnerability. The issue presents itself when a remote attacker sends an excessive value to a vulnerable game server through a '\secure\' query. An attacker can exploit this issue to potentially overwrite sensitive memory addresses, leading to a variety of attacks, including denial of service and possible remote code execution.

Affected Products

  • Arush devastation 390.0.0
  • Dreamforge tnn_outdoors_pro_hunter
  • Epic_games unreal_engine 226f
  • Epic_games unreal_engine 3
  • Epic_games unreal_engine 436
  • Epic_games unreal_tournament_2003 2199 linux
  • Epic_games unreal_tournament_2003 2199 macOS
  • Epic_games unreal_tournament_2003 2199 win32
  • Epic_games unreal_tournament_2003 2225 macOS
  • Epic_games unreal_tournament_2003 2225 win32
  • Epic_games unreal_tournament_2004 macOS
  • Epic_games unreal_tournament_2004 win32
  • Epic_games unreal_tournament_3 1.3beta4
  • Gentoo linux 1.4.0
  • Infogrames tacticalops 3.4.0
  • Infogrames x-com_enforcer
  • Ion_storm deusex 1.112.0 fm
  • Nerf_arena_blast nerf_arena_blast 1.2.0
  • Rage_software mobile_forces 20000.0.0
  • Robert_jordan wheel_of_time 333.0.0 b
  • Running_with_scissors postal_2 1337

References

  • BugTraq: 10570
  • CVE: CVE-2004-0608
  • URL: http://aluigi.altervista.org/papers/gsmsalg.h
  • URL: http://archives.neohapsis.com/archives/bugtraq/2004-06/0335.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.