No More Multiplayer

Rogue Trooper, a game from Rebellion, based on the Asura engine has been discovered to have two bugs that could cause a buffer-overflow. This flaw has been ranked by Secunia as being Highly critical, receiving a 4 out of 5 on the threat-o-meter.

This vulnerability affects the 1.0 version, though it is possible to be present in other versions as well. If exploited by hackers, it could allow them to compromise a vulnerable system. This should be taken very seriously and only use Rogue Trooper as a multiplayer server only in a trusted network environment.

There are two problems concerning the Asura Engine Packet. The first one, as seen on Secunia's website, the vulnerability in the PRISM Guard Shield is caused due to a boundary error in the processing of network packets by the included Asura engine when PRISM Guard Shield runs as a server. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet with a type of "0xF007" sent to the vulnerable server (default port 3658/udp).

As I've seen on Luigi Auriemma's site (the guy that discovered the flaws) a buffer-overflow vulnerability is located in the function which handles the 0xf007 packet used for the challenge B query. In this function, the data passed by the client is copied (without checks on its length) to a stack buffer of 256 bytes used for sending the data back to the client, something similar to a ping.

These explanations might be somewhat hard to digest but anyway, there are two things that you need to keep in mind: one thing is that the game is flawed and the second is that to avoid being attacked by malicious users, you need to play Rogue Trooper only on a secure network.

MORE RELATED ARTICLES: Proof of Concept Code Published for Critical IE Vulnerability AOL Vulnerability! Flash Vulnerability Solved 4 Months after Being Spotted OpenOffice Highly Critical Vulnerability Hot Pictures of Paris Hilton Nude Served Through XP Vulnerability