Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
User Settings
LAN Parties
Upcoming one-time events:
Germany 08/31
Chicago, IL USA, IL 10/19

Regularly scheduled events

GameSpy Security Issue?

A story on The Register announces that "GameSpy could let crackers mount network DDoS attacks" (thanks argent). According to the story a patch is on the way to address the problem, which is described here:

The vulnerability, which affects many games across Windows and *nix server platforms, is based upon spoofed UDP requests, as an advisory by security research outfit PivX Solutions (which made public its research yesterday) explains.

Affected applications include Battlefield 1942 Server, Quake, Quake 2, Q3: Arena & Team Arena, Half-Life, Counter-Strike, Unreal Tournament 2003, and Return to Castle Wolfenstein... and more, according to the alert.

"As a basic rule of thumb, if it supports GameSpy, it will likely be vulnerable," said Mike Kristovich, a security researcher for PivX Solutions, who first identified the vulnerability.

9. wow Jan 17, 2003, 16:04 Retrac
After reading the pivX page, I am completely suprised by their lack of reagrd on posting the sample code. Having it out there like that is just inviting script kiddies out there to crash servers like mad.

I know it is a simple c program to create udp packets. But I think most people wouldnt go through the hassle to create it from scratch. But when it is done already with a nice user interface like that. Just too tempting in my mind. I think we'll be seeing some patches come through here fairly quickly now.


Previous Post Next Post Reply Quote Edit Delete Report
    Date Subject Author
  1. Jan 17, 15:05 The Register Creole Ned
  2. Jan 17, 15:20  Re: The Register argent
  21. Jan 18, 09:30  Re: The Register me
  3. Jan 17, 15:30 Nothing to do with Gamespy a big hairy spider
  7. Jan 17, 15:48  Re: Nothing to do with Gamespy argent
  16. Jan 17, 19:03   Re: Nothing to do with Gamespy fds
  4. Jan 17, 15:35 Does this mean... Schnapple
  5. Jan 17, 15:45  Re: Does this mean... argent
  6. Jan 17, 15:46 Little help... Sparrow
  8. Jan 17, 15:57  Re: Little help... Retrac
>> 9. Jan 17, 16:04   wow Retrac
  11. Jan 17, 16:15    Re: wow nin
  12. Jan 17, 16:33     Re: wow Elder_MMHS
  13. Jan 17, 17:45    Re: wow argent
  15. Jan 17, 19:01     Re: wow fds
  17. Jan 17, 21:14      Re: wow Tungsten
  18. Jan 17, 21:58      Re: wow argent
  10. Jan 17, 16:12  Re: Little help... Mashiki Amiketo
  14. Jan 17, 18:54 some tidbits fds
  19. Jan 17, 23:32 Easy fix, lazy developers gunther
  23. Jan 18, 22:30  Not so easy fix. LittleFlower
  20. Jan 18, 09:25 GameSpy isn't at fault. FRAGaLOT
  22. Jan 18, 09:42  Re: GameSpy isn't at fault. fds
  24. Jan 19, 13:19   Re: GameSpy isn't at fault. FRAGaLOT


Blue's News logo