Critical Steam Flaws Could Let Gamers Crash Their Competitors’ Computers!

Share This Post

Game developer Valve has fixed critical 4 bugs in its popular Steam online game platform. If exploited, the flaws could allow a remote attacker to crash an opponent’s game client, take over the computer, & hijack all computers connected to a third-party game server.

Valve fixed critical bugs in its Steam gaming client, which is a platform for popular video games like Counter Strike: Global Offensive, Dota2 & Half Life.

Video Games

Steam is utilised by more than 25m users, & serves as a platform for a number of wildly popular video games, including Counter Strike: Global Offensive, Dota2 and Half Life.

The vulnerabilities, which were disclosed on Thur., were discovered in the network library of Steam, which is known as Steam Sockets. This library is part of a toolkit for 3rd-party game developers.

Gaming Companies

“Video games have reached an all-time-high during the coronavirus pandemic,” Eyal Itkin, security researcher at Check Point, said in a Thur. analysis. “With millions of people currently playing online games, even the slightest security issue can be a serious concern for gaming companies and gamer privacy.

Through the vulnerabilities we found, an attacker could have taken over 100s of 1,000s of gamer computers every day, with the victims being completely blind to it.”

Steam Games

Researchers disclosed the flaws to Valve in Sept.; the vendor rolled out fixes after 3 weeks to different Steam games. Researchers said that in order to apply the patches, Steam gamers were required to install the update before they could launch a game.

The 4 flaws (CVE-2020-6016, CVE-2020-6017, CVE-2020-6018 & CVE-2020-6019) exist in Steam Sockets prior to version v1.2.0. The first 3 CVEs score 9.8 out of 10 on the CVSS scale, making them critical in severity, while the 4th ranks 7.5 out of 10, making it high severity.

Buffer

CVE-2020-6016 exists because Steam Sockets improperly handles “unreliable segments” in the function SNP_ReceiveUnreliableSegment(). This can lead to a heap-based buffer underflow, where the input data is or seems to be shorter than the reserved space.

The flaw linked to CVE-2020-6017 is due to SNP_ReceiveUnreliableSegment() improperly handling long unreliable segments when configured to support plain-text messages, leading to a heap-based buffer overflow (where the input data is longer than the reserved space).

Encrypted Messages

The bug tied to CVE-2020-6018 is due to the improper handling of long encrypted messages in the function AES_GCM_DecryptContext::Decrypt(), leading to a stack-based buffer overflow.

Also, the flaw relating to CVE-2020-6019 stems from the function CConnectionTransportUDPBase::Received_Data() improperly handling inlined statistic messages.

In order to use the flaws, an attacker would need to connect to a target game server. Then, the attacker could launch the exploit by sending bursts of malicious packets to opponent gamers or target servers. No interaction is needed from the target gamer or server.

Server

“From this point, the attacker could deploy the same vulnerability, as both the game clients & game servers are vulnerable, to force the server to take over all connected clients, without any of them noticing,” observed researchers.

That could open up various attack scenarios. One such scenario would include sabotaging online games, in which an attacker is able to crash the server at any time they please, forcing the game to stop for all gamers at once.

Researchers suggest that Valve gamers should make sure that they do not have a notification about a pending update that they should install, though they should already be protected through the fix. Also, they should check that their games have indeed updated.

Update

“Gamers of 3rd-party games should check that their game clients received an update in recent months,” they commented. “If not, they will need to contact the game developers to check when will an update be released.”

Steam has dealt with security issues before. In 2019, a researcher dropped a zero-day vulnerability that affected the Steam game client for Windows, after Valve stated it would not fix it. Valve then published a patch, that the same researcher said can be bypassed & dropped a 2nd zero day.

Virtual Conference January 2021

 

More To Explore

Community Area

Books

Home Workouts

Recipe

spaghetti Bolognese
Days
Hours
Minutes
Seconds