Neodyme researchers discovered three distinct RCE vulnerabilities in Counter-Strike: Global Offensive, each of which is triggered by a malicious Python server when a game client connects to it.
Although several critical vulnerabilities were fixed in a patch dated 04/28/2021, Counter-Strike: Global Offensive remains popular with 21 million monthly players, largely because of the range of game modes available on community servers.
The extensive availability of game modes, community servers, and modding support in Counter-Strike: Global Offensive results in a significant attack surface, with various parsers handling potentially malicious data received directly from the game server.
The Source engine's TCP-like network stack, which is built on top of UDP, presents inherent complexities and weaknesses that have been exploited in previous attacks.
While cheater communities like UnknownCheats are frustrating for gamers, they provide valuable resources for security researchers, such as detailed reverse engineering posts and cheat tools that aid in understanding the network protocols.
Debug symbols, which provide recognizable function names and class structures, are a useful reverse engineering aid that can inadvertently ship in a game's final binaries when programmers forget to strip them.
The April 2017 version of CS: GO for macOS unintentionally included full debug symbols, which could be identified automatically through tools like SteamDB and old repositories. However, Valve appears to have disabled the ability to download older versions via SteamCMD.
Below are all the vulnerabilities that the cybersecurity researchers discovered:
All four bugs are used as part of the complete bug chain to perform the following illicit tasks:
The video below shows the flaws in action:
Moreover, the security researchers (Felipe and Alain) said it is impossible to state how much time they spent on this bug-hunting project.
Alain, who had around 250 hours of CS: GO gameplay but had never played an online match, joined forces with the others, meeting on Discord in the evenings to collaborate, program, and analyze findings, and the team quickly discovered bugs.
However, a significant amount of time was dedicated to creating an elaborate RCE demonstration required by Valve’s bug bounty program.
Following considerable pressure and the threat of full disclosure, the identified bugs were eventually patched, but the resulting payout of 7.5k per bug fell below the researchers' initial expectations.