Unreal Security Hole

Screaming Lunatic writes "There seems to be a big security hole in the Unreal engine that has been around for about 5 years. It affects servers for a number of games and operating systems, including Linux (which accounts for about 40% of UT2003 servers). Epic has been working on a patch for about 3 months. Imagine the bad publicity games would receive if a worm on the scale of Slammer had been created." A Bugtraq post from Thor Larholm of Pivx, says that Marc Rein of Epic threatened PivX with "getting our lawyers involved with this"; the TechTV article Larholm cites (the same one linked from this submission), however, contains no mention of legal action. Rein nonetheless apologized for "those completely unfortunate comments" in a followup message to Bugtraq.

Re:Yadda

[moosesocks]

That made absolutely no sense.

Any binary-capable protocol should be capable of transferring compressed ZIP (or SIT, or TAR, or GZIP, or BZIP, etc) files, or any type of binary data for that matter.

Granted, the authors may have implemented a HTTPD daemon into their server to server... but the post doesn't make that clear. Why be redirected to another server? Why would a webserver be faster than the game server? I'd tend to think that most game servers have more than enough bandwidth. Once a file is compressed into a ZIP, no further compression is possible, no matter what protocol you use (unless the UT protocol REALLY sucks) - it's futile... you won't get more than a few extra bytes out of it.