A vulnerability in the Steam client was an open door to hackers for more than 10 years. The vulnerability was discovered by researcher Tom Court of Contextis, who warned Steam, and the good news is that it was quickly shut down by Steam developers Valve.

According to Court, Steam allowed malicious hackers to carry out remote code execution attacks. In this way, it was possible to control a user’s machine. The vulnerability was highly critical, since more than 1 million people are using Steam.

This happened because Steam sent UDP (User Datagram Protocol) packets to communicate with the client. UDP is similar to TCP (Transmission Control Protocol); however, it is faster. To exploit the vulnerability, an attacker only had to send an altered UDP packet.

Steam fixes 10-year-old critical remote code execution vulnerability

“The error was caused by the absence of a simple check to ensure that for the first packet of a fragmented datagram the specific packet size is less than or equal to the total length of the datagram. present for all subsequent packets carrying fragments of the datagram,” noted the researcher in his blog.

After the Steam client hit this flaw, the memory bounds of the software were exceeded in one of its libraries. In this way, the client became an open door to hackers.
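The length check the researcher describes can be seen in a small reassembly routine. This is an added example, not Steam's code: the `reasm` structure, the `reasm_add` function, the `MAX_DATAGRAM` bound and the sample fragment are all hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DATAGRAM 65535u  /* assumed upper bound for this sketch */
enum { FRAG_REJECT = -1, FRAG_OK = 0, FRAG_DONE = 1 };

/* Hypothetical reassembly state; field names are illustrative. */
struct reasm {
    uint8_t *buf;      /* allocated once the first fragment announces total_len */
    size_t total_len;  /* total datagram length claimed by the sender */
    size_t received;   /* bytes copied so far; invariant: received <= total_len */
};

/* Accept one fragment. is_first marks the fragment that carries total_len. */
int reasm_add(struct reasm *r, int is_first, size_t total_len,
              const uint8_t *data, size_t frag_len)
{
    if (data == NULL || frag_len == 0)
        return FRAG_REJECT;
    if (is_first) {
        if (r->buf != NULL || total_len == 0 || total_len > MAX_DATAGRAM)
            return FRAG_REJECT;
        /* The check described as missing: the first fragment must not be
           larger than the datagram it claims to belong to. */
        if (frag_len > total_len)
            return FRAG_REJECT;
        r->buf = malloc(total_len);
        if (r->buf == NULL)
            return FRAG_REJECT;
        r->total_len = total_len;
        r->received = 0;
    } else {
        /* Later fragments must fit in the space that is still free. */
        if (r->buf == NULL || frag_len > r->total_len - r->received)
            return FRAG_REJECT;
    }
    memcpy(r->buf + r->received, data, frag_len);
    r->received += frag_len;
    return r->received == r->total_len ? FRAG_DONE : FRAG_OK;
}

/* Constructed input: a 64-byte first fragment claiming a 16-byte datagram. */
int demo_oversized_first(void)
{
    struct reasm r = {0};
    uint8_t frag[64] = {0};
    return reasm_add(&r, 1, 16, frag, sizeof frag);
}
```

Without the `frag_len > total_len` test on the first fragment, the `memcpy` would write past a buffer sized from the sender's own claimed total length.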

According to Valve, there is no indication that malicious hackers took advantage of the vulnerability. If you have Steam on your machine, ensure that the latest version is installed.


