Security researchers reported several critical flaws in a core networking library that powers Valve’s online gaming. The flaws could have enabled threat actors to crash games and gain control over third-party game servers remotely. Check Point discovered the vulnerabilities.
First of all, what is Valve? Valve is a well-known US-based video game developer and publisher of Steam and games such as Counter-Strike, Day of Defeat, Half-Life, Team Fortress, Left 4 Dead, and Dota.
Several Critical Flaws in Valve’s Game Networking Sockets Library
During the research, the team uncovered several vulnerabilities in the implementation of the Game Networking Sockets library. The attack scenarios based on the issues are quite versatile.
“For example, when playing against an online opponent, an attacker can remotely crash the opponent’s game client to force a win; under some conditions, they can even perform a “nuclear rage quit” and crash the Valve game server, making sure that no one gets to play,” Check Point explained.
If someone is playing a game developed by third parties, attackers can even remotely take over the game server to perform arbitrary code execution. Once server control is obtained, the same flaw can be exploited again to take over all of the connected players.
So, what are the vulnerabilities enabling these attacks? The research team uncovered four separate ones:
The most intriguing one of the list is CVE-2020-6016, as it requires “knowledge of esoteric subjects.” This knowledge includes “the finer details of the C++ standard and the implementation of the GNU C Compiler.” “At one crucial moment, when the attack plan seemed lost, we were able to ride in on a clever hack used by C++ in order to enable a more ergonomic use of iterators,” Check Point added in their report.
According to the official description, CVE-2020-6016 is a Heap-Based Buffer Underflow vulnerability that could lead to memory corruption and RCE:
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.
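The description above boils down to a segment offset that is signed but is used as if it were a valid buffer position. The following C is an added, constructed illustration (not Valve's GNS code; the function and type names are hypothetical) of the check pattern a receiver needs: it contrasts a naive length check that a negative offset slips past with one that rejects negative and out-of-range offsets before any copy takes place.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed reassembly buffer; hypothetical, not Valve's SNP structures. */
typedef struct {
    uint8_t data[1024];
    size_t  capacity;      /* number of usable bytes in data[] */
} reassembly_buf_t;

void reassembly_init(reassembly_buf_t *buf) {
    memset(buf->data, 0, sizeof buf->data);
    buf->capacity = sizeof buf->data;
}

/* Naive check, shown only for contrast (it copies nothing): offset is a
 * signed wire value, but in `offset + len` it is converted to size_t, so a
 * negative offset whose magnitude is smaller than len wraps to a small
 * number (e.g. -16 + 32 == 16) and the check passes. A copy based on it
 * would start before the buffer: a heap-based buffer underflow. */
bool naive_offset_ok(int32_t offset, size_t len, size_t capacity) {
    return (offset + len) <= capacity;
}

typedef enum {
    SEG_OK = 0,
    SEG_REJECT_NEGATIVE,     /* offset below zero: never a valid position */
    SEG_REJECT_TOO_LONG,     /* segment alone exceeds the buffer */
    SEG_REJECT_OUT_OF_RANGE  /* offset + len would run past the end */
} seg_result_t;

/* Hardened receive: every check happens on values that cannot wrap,
 * and memcpy runs only after all three have passed. */
seg_result_t receive_unreliable_segment(reassembly_buf_t *buf, int32_t offset,
                                        const uint8_t *seg, size_t len) {
    if (offset < 0)
        return SEG_REJECT_NEGATIVE;
    if (len > buf->capacity)
        return SEG_REJECT_TOO_LONG;
    /* capacity - len cannot underflow because of the previous check */
    if ((size_t)offset > buf->capacity - len)
        return SEG_REJECT_OUT_OF_RANGE;
    memcpy(buf->data + offset, seg, len);
    return SEG_OK;
}

int main(void) {
    reassembly_buf_t buf;
    uint8_t seg[32] = {0};   /* constructed 32-byte segment payload */
    reassembly_init(&buf);
    return receive_unreliable_segment(&buf, -16, seg, sizeof seg) == SEG_REJECT_NEGATIVE ? 0 : 1;
}
```

The same ordering (sign, length, then range) applies whatever the buffer type, and the rejected segment should be counted or logged so a stream of bad offsets from one peer is visible.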
Fortunately for gamers, a fix has already been released. In other words, if you are one of the countless gamers playing Valve’s games through Steam, you are already protected. However, if you are playing third-party games, you may need to wait a few months, as those game clients must be updated independently to mitigate the possible attacks.
If you are interested in a more technical perspective on the vulnerabilities, you should read Check Point’s quite detailed analysis.
In 2018, security researcher Artem Moskowsky discovered a dangerous Valve vulnerability allowing malicious users to reveal the license keys for content available in the store, meaning that every computer game or software title could be acquired. The problem was located within the Steam developer portal, which could be exploited to reveal the license keys for content published on the platform.