Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Modern Warfare 3 and CryENGINE 3 Vulnerable?

Researchers have discovered what's called "a serious vulnerability" in Call of Duty: Modern Warfare 3, reports Computerworld from the Power of Community (POC2012) security conference in Seoul in an article that also notes a different vulnerability in Crytek's CryENGINE 3 (these are two separate issues: Modern Warfare 3 uses Infinity Ward's IW Engine, derived from id Software technology). Researchers from security consultant ReVuln demonstrated a denial of service attack that could be used to crash a Modern Warfare 3 server, before using the game Nexuiz to show how running the server for a CryENGINE 3 game can be used to launch a remote shell on a client computer (thanks Ant via Slashdot). It sounds like they are holding out for a payday based on their discoveries:

The first problem the pair presented is a denial-of-service vulnerability in Call of Duty: Modern Warfare 3, made by Activision. Auriemma showed in a video how the server administrator received a warning when he remotely crashed the server running the game.

Auriemma masked some details in his presentation so as to not give too much information away, but he and Ferrante are planning to release advisories on the two vulnerabilities next Tuesday, the launch day for "Black Ops II," the latest game in the Call of Duty series. Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

The second problem relates to CryEngine 3, a graphics engine developed by Crytek for use in its own and other companies' games.

Auriemma's demonstration showed an attack on CryEngine 3 within the game Nexuiz. The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

View
9 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >

9. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 13, 2012, 00:54 Iurand
 
DangerDog wrote on Nov 12, 2012, 13:01:
CryEngine 3 server?

I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release.

Mechwarior Online and StarCitizen are using CryEngine.
 
Reply Quote Edit Delete Report
 
8. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 15:54 Ceribaen
 
DangerDog wrote on Nov 12, 2012, 13:01:
CryEngine 3 server?

I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release.

Doesn't a version MW:LL use Crysis 2? Is that still active?
I know they also have a version based on Crysis Wars as well, but don't know which is first/second and uses what engine.
 
Reply Quote Edit Delete Report
 
7. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 15:48 xXBatmanXx
 
They don't care. They don't care about customer support, they don't care about hacking, they don't care about this.

Move along.
 
Avatar 10714
 
Buy from GreenManGaming? Use this, we both get $2.00 - http://www.greenmangaming.com/?gmgr=purutuwi
Reply Quote Edit Delete Report
 
6. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 13:41 bullet-worm
 
The BOOM exploit has been around FOREVER to remotely bring down an old iD (er... I mean completely new and updated) IW server. There is nothing new there and it has been a known exploit with almost every CoD PC release, and yet never permanently fixed despite release after release after release...

There saved Activision some money, and you can almost bet the same vulnerability will still be there for Black Ops 2 as well.

They did patch out that vulnerability in some of the releases... but always shows its head again on the next release.
 
Reply Quote Edit Delete Report
 
5. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 13:20 Fantaz
 
Pay us $1000 a day and we'll fix your stacks to prevent buffer overflows!  
Avatar 571
 
Reply Quote Edit Delete Report
 
4. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 13:01 DangerDog
 
CryEngine 3 server?

I'm not aware of any multiplayer mods that use CryEngine 3, Crysis 2 multiplayer was dead on release.
 
Avatar 6174
 
Reply Quote Edit Delete Report
 
3. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 11:12 Creston
 
Ferrante said they are willing to work with Activision but aren't going to volunteer the information, since their research is part of their business.

Activision: "They want money for it? Next."

Like those assholes are going to pay money to FIX something in their shitty yearly fragfest.

Creston
 
Avatar 15604
 
Reply Quote Edit Delete Report
 
2. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 11:05 eRe4s3r
 
The attack, at the server level, enabled him to create a remote shell on a game-player's computer.

I am convinced that all major games have issues like this, it's just that nobody ever bothered to research this or if they did, only for malicious purposes.

And that they wait for a pay-day is obvious. They are after all, security consultants. ^^ They would be pretty terrible at their business if they'd just say how it works.
 
Avatar 54727
 
Reply Quote Edit Delete Report
 
1. Re: Modern Warfare 3 and CryENGINE 3 Vulnerable? Nov 12, 2012, 10:53 ViRGE
 
A Denial of Service (DoS) attack isn't something to be particularly worried about. Game servers have always been bad about that, opting to reboot and move on.

A remote code execution attack on CryEngine 3 on the other hand is much more serious, but without more details it's hard to say just how bad it is.

Though the whole thing smells like a publisher shakedown by Auriemma.
 
Reply Quote Edit Delete Report
 
9 Replies. 1 pages. Viewing page 1.
< Newer [ 1 ] Older >


footer

Blue's News logo