Unreal Security Hole

Screaming Lunatic writes "There seems to be a big security hole in the Unreal engine that has been around for about 5 years. It affects servers for a number of games and operating systems, including Linux (which accounts for about 40% of UT2003 servers). Epic has been working on a patch for about 3 months. Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created." A Bugtraq post from Thor Larholm of Pivx, says that Marc Rein of Epic threatened PivX with "getting our lawyers involved with this"; the TechTV article Larholm cites (the same one linked from this submission), however, contains no mention of legal action. Rein nonetheless apologized for "those completely unfortunate comments" in a followup message to Bugtraq.

Let's not overreact here...

[I'm+a+racist.]

Lots of software has security holes. Games are no different... the difference with games is that they are not targets. It's interesting that this one was spotted, but it's no real surprise.

The poster mentions Slammer. The difference between Slammer and this is that Slammer affected "mission critical" systems, and there are pretty easily demonstratable monetary losses attributed to that worm.

In the case of Unreal, there are not many (if any) businesses (or lives) depending on this software. Hypothetically, someone who hosts games for a fee would get some complaints from customers. But really, a lot of the people affected would be "home users". And, let's face it, home users (including those running Linux) are really vulnerable to all kinds of attacks. This is just a drop in the bucket...

Of course, it'd still suck to get fucked over by this security flaw (just like all the others).