[34097] in bugtraq
Unreal engine updates and Battle Mages advisory
daemon@ATHENA.MIT.EDU (Luigi Auriemma)
Thu Mar 11 12:14:13 2004
Date: Thu, 11 Mar 2004 14:25:23 +0000
From: Luigi Auriemma <aluigi@altervista.org>
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com
Message-Id: <20040311142523.23d99c3a.aluigi@altervista.org>

I have an update about the methods used to test the format string
vulnerability in the Unreal engine I reported yesterday.

I have solved a problem in the Windows version of my proof-of-concept
unrfs-poc (now version 0.1.1):

http://aluigi.altervista.org/poc/unrfs-poc.zip

The following instead is a very fast and easy method to test the Unreal
engine based games without using external programs or complicated exploits.
I highly suggest that users use this quick method instead of the previous
proof-of-concept:

-----
Another method to test the vulnerability is adding %n after
"Class=" in the file system/user.ini

Example:

From:
  Class=Engine.Pawn
To:
  Class=%n%nEngine.Pawn

If the game is vulnerable it will crash when launched.
-----

The last news regards an advisory about a server freeze bug in the new game
Battle Mages:

http://aluigi.altervista.org/adv/battlemages-adv.txt

BYEZ

---
Luigi Auriemma
http://aluigi.altervista.org
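
The crash test above works because a configuration value reaches a printf-style function as the format string. The following C sketch is an added example, not code from the original post, its author, or the Unreal engine: it rejects "Class=" lines that carry conversion specifications and shows the hardened call pattern. All function names are hypothetical, and it assumes the key is matched case-sensitively at the start of the line.

```c
#include <stdio.h>
#include <string.h>

#define CONVERSIONS "diouxXeEfFgGaAcspn"

/* Return 1 if s contains a printf conversion specification such as %n,
   %5d or %1$n. "%%" is a literal percent sign and is not counted. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                        /* escaped percent */
        s += strspn(s, "-+ #0");             /* flags */
        s += strspn(s, "0123456789*$");      /* width / positional index */
        if (*s == '.')
            s += 1 + strspn(s + 1, "0123456789*$"); /* precision */
        s += strspn(s, "hlLjzt");            /* length modifiers */
        if (*s == '\0')
            break;
        if (strchr(CONVERSIONS, *s))
            return 1;
        s--;  /* not a conversion: re-scan this character */
    }
    return 0;
}

/* Return 1 if an INI line of the form "Class=<value>" carries a directive. */
int class_line_is_suspicious(const char *line)
{
    static const char key[] = "Class=";   /* assumption: case-sensitive key */
    if (strncmp(line, key, sizeof key - 1) != 0)
        return 0;
    return has_format_directive(line + sizeof key - 1);
}

/* Hardened pattern: the untrusted value is an argument, never the format. */
int format_class_safely(char *out, size_t n, const char *value)
{
    return snprintf(out, n, "Class: %s", value);
}

int main(void)
{
    /* Constructed sample lines, modelled on the user.ini entries in the post. */
    const char *lines[] = { "Class=Engine.Pawn", "Class=%n%nEngine.Pawn", "Name=100%%" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-24s %s\n", lines[i], class_line_is_suspicious(lines[i]) ? "REJECT" : "ok");
    return 0;
}
```

The scanner is deliberately conservative: anything that could be parsed as a conversion is rejected, while the constant-format call in format_class_safely is the actual fix.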