Unreal Security Hole

← Back to Stories (view on slashdot.org)

Posted by timothy on Tuesday February 11, 2003 @01:48PM from the compromising dept.

Screaming Lunatic writes "There seems to be a big security hole in the Unreal engine that has been around for about 5 years. It affects servers for a number of games and operating systems, including Linux (which accounts for about 40% of UT2003 servers). Epic has been working on a patch for about 3 months. Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created." A Bugtraq post from Thor Larholm of Pivx, says that Marc Rein of Epic threatened PivX with "getting our lawyers involved with this"; the TechTV article Larholm cites (the same one linked from this submission), however, contains no mention of legal action. Rein nonetheless apologized for "those completely unfortunate comments" in a followup message to Bugtraq.

29 of 250 comments (clear)

Uh oh... by Electrode · 2003-02-11 13:51 · Score: 5, Funny

So, how long until we see the "Monster Kill" virus begin to make the rounds?
1. Re:Uh oh... by Anonymous Coward · 2003-02-11 14:12 · Score: 2, Funny
  
  SEE!! I told you I was lagging!! I'm not a newb!! HAHAH I now have proof!
  
  ++AC
2. Re:Uh oh... by ubugly2 · 2003-02-11 14:23 · Score: 3, Funny
  
  I believe it's M-M-M-Monster Kill
YOU WILL BE ASSIMILATED!!! by Tuxinatorium · 2003-02-11 13:52 · Score: 0, Funny

WE ARE THE BORG
Lower your firewalls and surrender your computers. We will add your MP3s and bootleg movies to our own. Your lack of culture will adapt to survice us.
Slashdot will be assimilated!
Resistance is futile!
Resistance is futile!
Resistance is futile!
Resistance is futil3!
Resistance is futil3!
Resistance is futil3!
R3sistance is futile!
R3sistance is futile!
R3sistance is futile!
RESISTANCE IS FUTILE.
RESISTANCE IS FUTILE.
RESISTANCE IS FUTILE.

--
Repeal the DMCA!
wow by The+Other+White+Boy · 2003-02-11 13:53 · Score: 3, Funny

and here i thought ut2k3 was just really good at killing time. does this mean we can all go up on terrorism charges now since we've used a device capable of bringing down network systems? =)
Watch out! by Joe+the+Lesser · 2003-02-11 13:55 · Score: 5, Funny

Slammer_Worm is on a killing spree!
Slammer_Worm is on rampage!
Slammer_Worm is dominating!
Slammer_Worm is unstoppable!
Slammer_Worm is Godlike!!!

--
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Re:Games are worse than drugs. by leviramsey · 2003-02-11 13:59 · Score: 5, Funny

Am I the only one to see a whole generation being wasted by such games like CS? I know ppl who play it 12 hours a day, god damn it! If someone would compare the degeneration of health/brain etc from CS vs. Grass, I bet CS would win.

When you play CS, you're supporting terrorists!
$250/hr to play games? by EvilStein · 2003-02-11 14:00 · Score: 5, Funny

"threatened PivX with "getting our lawyers involved with this""

No, let's not let the lawyers get involved. THey make enough per hour as it is - we don't need to pay anyone $250/hr to play Unreal Tournament for "case notes."

Wait.. then again, lawyers in Unreal Tournament games. Hrm. It could be an all-out fragfest on a level that nobody could have ever imagined before. I like that idea!
1. Re:$250/hr to play games? by goatasaur · 2003-02-11 14:04 · Score: 4, Funny
  
  Shit, spawn camping would be forgivable in that case.
  
  --
  ~D:
I really like Rein's comment by rasteri · 2003-02-11 14:00 · Score: 5, Funny

"I won't sugar coat this. We f***ed up on this. Yes this is real and yes this was brought to our attention and yes we should have fixed it by now."

I get the feeling that I'll be in my cold, cold grave before Microsoft starts releasing statements like this :)

But seriously, it's nice to see a large company admitting it has "F***ed up".
1. Re:I really like Rein's comment by commodoresloat · 2003-02-11 17:11 · Score: 4, Funny
  
  We f***ed up on this. Yes this is real
  I thought it was unreal?
It's unfortunate, but... by Anonymous Coward · 2003-02-11 14:02 · Score: 3, Funny

I think this adds some teeth to the popular notion that gamers, or at least the majority of them are, terrorists. Plain and simple. They are a threat to the security of the principles we hold dear in the United States of America, and the Right Honourable Prime Minister George Williamson Bush, Junior should consider binding legislation against anyone suspected of being in a gamer-terrorist cell.
Aha! by Anonymous Coward · 2003-02-11 14:05 · Score: 5, Funny

that's why I've lost so many matches! Somebody is executing malicious code that screws up my aim and makes me play like crap.
Unreal Security Hole by teeker · 2003-02-11 14:15 · Score: 3, Funny

Just like I've always said!! Windows is incredibly insecu.. ehh...

Um...oh. never mind.

--
teeker
Movie Idea by OwlofCreamCheese · 2003-02-11 14:17 · Score: 4, Funny

Now they should make a movie, where some kid installs this on his dad's computer at work, and his dad just HAPPENS to be the scientist involved in working the computers that controls nuclear weapons, and they have to play unreal, and if they loose: the world will be destroyed, so they put the kid in some virtual reality suit so he can get inside the game and play for real and save the day. oh come on! its as good a plot as any other videogame based movie, think of that and really tell me honestly that wouldn't be the plot of any unreal movie that came out....

--
-You're wasting your time. Alfador only likes me.
1. Re:Movie Idea by Iamthefallen · 2003-02-11 16:54 · Score: 4, Funny
  
  Yeah it was with that chick from that other movie about a bus that had to speed around
  a city, keeping its speed over fifty, and if it's speed dropped, it would explode!
  
  I think it was called The bus that couldn't slow down.
  
  --
  Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
So... this is the sound of a thousand gamers... by saskboy · 2003-02-11 14:24 · Score: 3, Funny

Switching to Quake III.

Just when me and my friends were putting the finishing touches of our college residence Unrealy Tourny level :-(

Patch it! Patch it quick, I have to snipe! A day without "M-mmmonster KILL" ringing in my ears, is a day not worth waking up for.

--
Saskboy's blog is good. 9 out of 10 dentists agree.
Unreal players discussing the security hole by joe_bruin · 2003-02-11 14:29 · Score: 5, Funny

GG
NEW MAP!!!!!!!!!!!!!!!!!!1111
GG EVARYBODY
ZEROSTUD IS A CHEATER
YEAH, I
OMFG UR TEH LAMER
SHUTUP, U CAMPING FAG
[FGP]-Killaz-X -0- LAG!
NO LAG U SUX
NO FUCK YOU
I GET 20 PING
U GUYS HERE ABOUT TEH SECURITY THING??!
GG
NEW MAP
LATZ, IM GONNA PLAY CS
FUCK YOU
KILLING SPREE
UR CHEATING
KICK HIM
STFU U LAMR, YUO SUK
VOTE ON NEW MAP
oh, and to address the actual topic... by jo_ham · 2003-02-11 14:35 · Score: 2, Funny

Guns, rocket launchers, women: good

Worms, security holes, f'ing smiley face proxy mines, Microsoft: bad

mmmkay?
*Unreal* Security Hole.... by AtomicBomb · 2003-02-11 14:44 · Score: 2, Funny

It can't be real ;-)
Re:Links by Zeinfeld · 2003-02-11 14:51 · Score: 5, Funny

More [bluesnews.com] at bluesnews.
I heard of Blues Clues, but Blue's news?
To play Blues News you have to find a bug
Stick it in your notebook and describe the hole you've dug
Find another pawprint, thats the second bug
Stick it in your notebook and go catch the cyber-thug
Find the last pawprint, thats the third bug
Stick it in your notebook, get your coffee mug
Sit down in the thinking chair and think, think think.
Cos when we use our minds take a step at a time you can dooo anything, and on billable hours too.

--
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Re:Convenient Too! by DASHSL0T · 2003-02-11 14:52 · Score: 5, Funny

That's like Microsoft providing a web page showing which IIS servers are still affected by code red and showing their IP's.

Given how well they did with patching their network over Slammer, I think the list would start with:
127.0.0.1

--
Freedom Is Universal
Linux-Universe
A Generation Already Wasted by Myriad · 2003-02-11 14:56 · Score: 4, Funny

Am I the only one to see a whole generation being wasted by such games like CS? I know ppl who play it 12 hours a day, god damn it! If someone would compare the degeneration of health/brain etc from CS vs. Grass, I bet CS would win.
Frankly, if you're someone who routinely writes "ppl" in place of "people" you're already demonstrating such severe degeneration of health/brain that you may already be a lost cause.
Sooo...what I wanted to say is that I hope that someone f**k the game-servers up so badly that these trapped gamerz can see what life has to offer!
Might I suggest you take some of the same advice you give to these "gamerz" and check out what life has to offer. It appears to be passing you by.

--
"They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
Re:Let's not overreact here... by Atomizer · 2003-02-11 14:56 · Score: 5, Funny

Yeah, just think the Unreal worm hits, and suddenly office productivity increases all over the world.
pwned! by Oshuma.Shiroki · 2003-02-11 15:09 · Score: 2, Funny

Now I guess when someone says they '0wnz j00' they might really mean it. ;)
Imagine by Noksagt · 2003-02-11 15:12 · Score: 3, Funny

Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created.

I wouldn't mind seeing which bank used unreal servers in their ATMs :)
Could work for Kazaa, against RIAA by Ilan+Volow · 2003-02-11 16:58 · Score: 4, Funny

Kazaa's next legal defense will be that their software is not a file-sharing service but really an instant messaging server with a security hole that can be exploited to give access to a user's hard drive.

--
Ergonomica Auctorita Illico!
Re:At least they're being frank... by twakar · 2003-02-11 18:57 · Score: 2, Funny

Actually, I'm Frank and I am sick and tired of people wanting to be me :)

--
Progress is man's ability to complicate simplicity!
Re:Games are worse than drugs. by lovepot · 2003-02-12 02:00 · Score: 2, Funny

I don't know anyone who plays CS without grass ;)