lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <4050B46E.4000207@leoninedev.com>
Date: Thu, 11 Mar 2004 13:48:14 -0500
From: Todd Chapman <tchapman@...ninedev.com>
To: Luigi Auriemma <aluigi@...ervista.org>
Cc: bugtraq@...urityfocus.com
Subject: Re: Unreal engine updates and Battle Mages advisory


Luigi,

After seeing some doubt expressed by users in the Unreal community, I 
tried your INI file test this morning on multiple Unreal Tournament 
products and just now on America's Army 2.0. I confirmed crashes for UT, 
UT2003 demo, and AA. UT2004 demo ran fine. Results are detailed a little 
more below.

One question: Do you see the remote code execution as a possibility or 
did you actually accomplish executing code in your tests? I'm trying to 
clarify the exact level of threat to some users and they tend to take it 
more seriously when it can be presented as "verified to be exploitable 
for practical use not just DoS".


Results:
Unreal Tournament v451: Crashed with a GPF. Errors noted in log as follows:
-----
ScriptLog: InitGame: 
?Name=-TD-PintOStout?;Class=BotPack.TBoss?Class=%n%nBotPack.TMale2?team=1?skin=SoldierSkins.hkil?Face=SoldierSkins.Vector?Voice=BotPack.VoiceMaleTwo?OverrideClass=
ScriptLog: Base Mutator is CityIntro.Mutator1
Init: Initialized moving brush tracker for Level CityIntro.MyLevel
Log: Bound to UWeb.dll
Critical: UObject::SafeLoadError
Critical: UObject::GetPackageLinker
Critical: UObject::StaticLoadObject
Critical: (Core.Class ..TMale2 NULL)
Critical: UObject::StaticLoadClass
Critical: ULevel::SpawnPlayActor
Critical: UGameEngine::Init
Critical: InitEngine
Exit: Executing UObject::StaticShutdownAfterError
Exit: Executing UWindowsClient::ShutdownAfterError
Log: DirectDraw End Mode
Exit: Exiting.
Uninitialized: Name subsystem shut down
Uninitialized: Log file closed, 03/11/04 08:35:07
-----

Current UT2003 Demo (build 2206): Simple shutdown during lauch with no 
visual error message. Left the log file at home but believe it just stopped.

UT2004 Demo: Launched without issue

America's Army 2.0: Shutdown during launch similar to UT2003 Demo. Log 
file just stopped in the middle of a line:
----
ScriptLog: FontNames[3]=AAFontMedium 
Fonts[3]=Transient.InteractionMaster0.AAFontMedium0
ScriptLog: FontNames[4]=AAFontMedium 
Fonts[4]=Transient.InteractionMaster0.AAFontMedium0
ScriptLog: GUIStyles::Initialize() - AALargeText
ScriptLog: Fon
----


-- 
Todd Chapman
Systems Architect
TChapman@...ninedev.com



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ