According to an advisory and press release from security firm PivX Labs, online gaming systems created by Epic Games are vulnerable to “a laundry list” of dangerous exploits. According to the researchers, the vulnerabilities in Epics Unreal Gaming Engine include “local and remote DoS, DDoS, bounce attacks with spoofed UDP packets, fake players, execution of malicious code without size limitations, Unreal URL crash, and more.” The vulnerable games are said to include:
- Star Trek: The Next Generation: Klingon Honor Guard
- Unreal
- The Wheel of Time
- Deus Ex
- Mobile Forces
- Rune
- Unreal Tournament
- Hired Guns
- Navy Seals
- TNN Outdoor Pro Hunter
- Werewolf
- X-Com: Alliance
- Adventure Pinball
- Americas Army
- Unreal Tournament 2003
While the vulnerabilities were discovered and reported more than 90 days ago, Epic Games is only now developing and distributing fixes for the problems. Owners of these games should check with the vendor to determine what must be done to patch them.
Epic has released a patch for the Epic Games Unreal Tournament Server 436.0. For more information, and a patch to fix this problem, see this article from Security Focus Online.