The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Mans Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pariah | Digital_extreme | * | * |
| Unreal_tournament | Epic_games | 3-1.3 (including) | 3-1.3 (including) |
| Unreal_tournament | Epic_games | 2003 (including) | 2003 (including) |
| Unreal_tournament | Epic_games | 2004 (including) | 2004 (including) |
| Warpath | Groove_games | * | * |
| Dead_mans_hand | Human_head_studios | * | * |
| Shadow_ops | Red_mercury | * | * |
| Postal | Whiptail_interactive | 2 (including) | 2 (including) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html
- http://osvdb.org/48293
- http://www.securityfocus.com/archive/1/496399/100/0/threaded
- http://www.securityfocus.com/bid/31205
- http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0321.html
- http://osvdb.org/48293
- http://www.securityfocus.com/archive/1/496399/100/0/threaded
- http://www.securityfocus.com/bid/31205