News Vulnerabilities in the Steam server could allow hackers to hack online games


Jaysu

Critical vulnerabilities were discovered in the main network library that provides the functionality of Valve online games, the exploitation of which allowed attackers to remotely cause video games to crash and even take control of affected third-party game servers to execute arbitrary code.

Vulnerabilities (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020-6019) were discovered in the Game Networking Sockets (GNS) or Steam Sockets library from Valve, an open source network library that provides a "basic transport layer for games", allowing a combination of UDP and TCP features with encryption, greater reliability, and peer-to-peer (P2P) communication.

The attack is related to a problem in the package reassembly mechanism (CVE-2020-6016) and an error in the implementation of C++ iterators for sending a group of malicious packages to the target game server and triggering a stack buffer overflow, which ultimately causes the server to crash.

According to experts from Check Point, although the fix for these vulnerabilities was released in September of this year, some third-party game developers have not yet updated their clients.
 
