News Vulnerabilities in the Steam server could allow hackers to hack online games

Jaysu

Jaysu

Banned
Joined
21.09.20
Messages
122
Reaction score
839
Points
63
Critical vulnerabilities were discovered in the main network library that provides the functionality of Valve online games, the exploitation of which allowed attackers to remotely cause video games to crash and even take control of affected third-party game servers to execute arbitrary code.

Vulnerabilities (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020 — 6019) were discovered in the Game Networking Sockets (GNS) or Steam Sockets library from Valve, an open source network library that provides a "basic transport layer for games", allowing a combination of UDP and TCP features with encryption, greater reliability, and peer-to-peer (P2P) communication.

The attack is related to a problem in the package reassembly mechanism (CVE-2020-6016) and an error in the implementation of C++ iterators for sending a group of malicious packages to the target game server and triggering a stack buffer overflow, which ultimately causes the server to crash.

According to experts from Check Point, although the fix for these vulnerabilities was released in September of this year, some third-party game developers have not yet updated their clients.
 
R

Riku02

Regular
Joined
06.12.20
Messages
51
Reaction score
18
Points
8
Jaysu said:
Critical vulnerabilities were discovered in the main network library that provides the functionality of Valve online games, the exploitation of which allowed attackers to remotely cause video games to crash and even take control of affected third-party game servers to execute arbitrary code.

Vulnerabilities (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018, and CVE-2020 — 6019) were discovered in the Game Networking Sockets (GNS) or Steam Sockets library from Valve, an open source network library that provides a "basic transport layer for games", allowing a combination of UDP and TCP features with encryption, greater reliability, and peer-to-peer (P2P) communication.

The attack is related to a problem in the package reassembly mechanism (CVE-2020-6016) and an error in the implementation of C++ iterators for sending a group of malicious packages to the target game server and triggering a stack buffer overflow, which ultimately causes the server to crash.

According to experts from Check Point, although the fix for these vulnerabilities was released in September of this year, some third-party game developers have not yet updated their clients.
Click to expand...
 
You must log in or register to reply here.
Top Bottom