Unreal Tournament Server large negative index memory corruption
| ut-negative-memory-corruption (11305) |  High Risk |
Description:
Unreal Tournament Server could allow a local attacker to execute arbitrary code on the system. A local attacker could create a file with a large negative index value to cause memory corruption and the execution of arbitrary code on the system.
Consequences:
Gain Privileges
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Tue Feb 11 2003 - 11:15:00 CST: Epic Games threatens to sue security researchers.
- BugTraq Mailing List, Tue Feb 11 2003 - 13:31:35 CST: Re: Epic Games threatens to sue security researchers.
- BugTraq Mailing List, Wed Feb 05 2003 - 06:58:07 CST : Unreal engine: results of my research .
- BID-6770: Epic Games Unreal Engine Memory Consumption Denial Of Service Vulnerability
- BID-6772: Epic Games Unreal Engine Package Files Code Execution Vulnerability
- CVE-2003-1432: Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via (1) a packet with a negative size value, which is treated as a large positive number during memory allocation, or (2) a negative size value in a package file.
Platforms Affected:
- Epic Games Unreal Tournament Server 436 and prior
Reported:
Feb 05, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net