Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Unreal Engine Heap Overflow, RBOT.CC, ISCAlert - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Unreal Engine Heap Overflow, RBOT.CC, ISCAlert
Unreal Engine Heap Overflow:

A heap overflow has been found in the Unreal Engine that is exploitable against machines running many Unreal based games in server mode. Although we have no reports of exploits being used in the wild, it is believed that exploiting this vulnerability to remotely execute code is possible. We recommend that anyone serving one of the vulnerable games based on the Unreal Engine install patches as soon as they become available. Until patches are available, the only secure recourse is to block all UDP traffic to ports 7777 and 7787 (which will, effectively, keep you from acting as a game server). Limiting access to ports 7777 and 7787 to known IPs is not an effective defense because this is a UDP based attack and packets can be spoofed.

RBOT.CC ?Very Evil

A reader forwarded us the source code for rbot.cc for our malware analysis team to analyze. While we haven?t had a chance to fully dissect the code, it?s pretty obvious that this thing is very, very evil. In addition to the information presented in yesterday?s diary, it appears that it can be compiled with the ability to exploit many of the backdoors left behind by email worms such as MyDoom and Bagle, as well as carrying exploit code for exploiting holes in Dameware and weak MSSQL passwords.

Another plug for ISCAlert

ISCAlert is a small information application that sits in your systray and keeps you informed of the Infocon status here at the ISC. The download is only 13kb and contains the 6k ISCAlert.exe application and a .pdf file explaining its use. You can download ISCAlert.zip from:

http://www.labreatechnologies.com/ISCAlert.zip">http://www.labreatechnologies.com/ISCAlert.zip

-----------------------------------------------

Handler on duty: Tom Liston ( http://www.labreatechnologies.com )
Tom

160 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!