CVE-2008-7011 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-7011): The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
CVE-2008-6441 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6441): Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
There appears to be no upstream fix for this. Do we care enough to mask this?
Fast forward 2.5 years. Anyone opposed to last riting these?
People still play them so there's no reason to last rite them. I highly doubt anyone is experiencing any issue outside of a research environment.
Well, from a security standpoint we ought to do something. At least reverting the items to unstable seems reasonable, or a proper warning of the unpatched vulnerabilities. Additional thoughts?
That's not what the keywords are for. I support adding the packages to package.mask so the user gets a message telling them where to get more information though.
PING:

From: http://www.securityfocus.com/bid/31205/exploit

Unreal Engine 'UnChan.cpp' Failed Assertion Remote Denial of Service Vulnerability

The following exploit code is available:
/data/vulnerabilities/exploits/31205.zip

From: http://aluigi.altervista.org/adv/unreaload-adv.txt

======
4) Fix
======

No fix

Exist at least 2 easy work-arounds for this vulnerability:
- setting "AllowDownloads=false" in the INI file of the game. naturally this method can't solve the problem if exist other ways (of which I'm not aware at the moment) to exploit this vulnerability
- disabling the "!Closing" assertion (tests performed on the Windows and Linux servers of some games), the list of the bytes to modify with a hex editor is available here: http://aluigi.org/patches/unrealoadfix.txt
- there is a "strange" way that has avoided the termination of the server (and I report it here only for thoroughness) through the enabling of the map voting (like [xVoting.xVotingHandler] and bMapVote=True in the INI of UT2004 and UT2004)
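A check for the first workaround quoted above (AllowDownloads=false), as an added example that is not part of the bug report or the advisory. It reports every occurrence of the key in a server INI and treats the workaround as applied only when the key is present and never true. The sample file, its port value and the `[IpDrv.TcpNetDriver]` section name are assumptions constructed for illustration.

```python
import re

# Constructed sample of a server INI; section names and values are assumptions.
SAMPLE_INI = """\
[URL]
Port=7777

[IpDrv.TcpNetDriver]
AllowDownloads=True

[xVoting.xVotingHandler]
bMapVote=False
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def find_setting(ini_text, key):
    """Return [(section, value, line_no)] for every occurrence of key.

    Unreal INI files repeat keys within a section and key names are
    case-insensitive, so this does not use configparser (which rejects
    duplicate keys in its default strict mode).
    """
    hits, section = [], None
    for line_no, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):  # blank line or comment
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip().lower() == key.lower():
            hits.append((section, value.strip(), line_no))
    return hits


def downloads_disabled(ini_text):
    """True only if AllowDownloads is present and every occurrence is false."""
    hits = find_setting(ini_text, "AllowDownloads")
    return bool(hits) and all(v.lower() == "false" for _, v, _ in hits)


if __name__ == "__main__":
    for section, value, line_no in find_setting(SAMPLE_INI, "AllowDownloads"):
        print(f"line {line_no}: [{section}] AllowDownloads={value}")
    print("workaround applied:", downloads_disabled(SAMPLE_INI))
```

A missing key is reported as not mitigated because the page does not state the engine's default for this setting.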
games-server/ut2004-ded is still in the repository.

About games-fps/postal2:
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dc30f52f63ff7d12cb347187c4bc802533e92fb1

commit dc30f52f63ff7d12cb347187c4bc802533e92fb1
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-11-20 17:11:18 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-11-20 17:27:42 +0000

    games-fps/postal2: drop last-rited package

    Signed-off-by: Aaron Bauman <bman@gentoo.org>
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e1e96c14effb4f076191f9d8023547cb7e15ff4

commit 5e1e96c14effb4f076191f9d8023547cb7e15ff4
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2019-12-08 21:21:44 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2019-12-08 21:27:53 +0000

    games-server/ut2004-ded: drop vulnerable package

    * This should have been dropped along with the other ut2004/unreal
      engine bugs

    Closes: https://bugs.gentoo.org/285010
    Signed-off-by: Aaron Bauman <bman@gentoo.org>

 games-server/ut2004-ded/Manifest                   |  3 -
 games-server/ut2004-ded/files/ut2004-ded.confd     |  6 --
 games-server/ut2004-ded/files/ut2004-ded.initd     | 13 ----
 games-server/ut2004-ded/metadata.xml               | 11 ---
 .../ut2004-ded/ut2004-ded-3369.3-r2.ebuild         | 88 ----------------------
 5 files changed, 121 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8901773bdbd36ccf9157642a98e5f39fd0245e54

commit 8901773bdbd36ccf9157642a98e5f39fd0245e54
Author:     James Le Cuirot <chewi@gentoo.org>
AuthorDate: 2019-12-27 00:19:18 +0000
Commit:     James Le Cuirot <chewi@gentoo.org>
CommitDate: 2019-12-27 00:25:53 +0000

    Revert "games-server/ut2004-ded: drop vulnerable package"

    This reverts commit 5e1e96c14effb4f076191f9d8023547cb7e15ff4.

    This package was dropped because of CVE-2008-6441 and CVE-2008-7011.
    However, UT2004 was reported to *not* be vulnerable to the former and
    the latter was almost certainly fixed in 3369.3. I cannot find any
    release notes but the published workaround related to 3369.2 and
    3369.3 was built just three days after the vulnerability was
    announced.

    Bug: https://bugs.gentoo.org/285010
    Signed-off-by: James Le Cuirot <chewi@gentoo.org>

 games-server/ut2004-ded/Manifest                   |  3 +
 games-server/ut2004-ded/files/ut2004-ded.confd     |  6 ++
 games-server/ut2004-ded/files/ut2004-ded.initd     | 13 ++++
 games-server/ut2004-ded/metadata.xml               | 11 +++
 .../ut2004-ded/ut2004-ded-3369.3-r2.ebuild         | 88 ++++++++++++++++++++++
 5 files changed, 121 insertions(+)