Friday June 01, 2018

Steam Client Had a Remote Code Execution Vulnerability for at Least 10 Years

Don't delete your Steam client. The vulnerability has been fixed, but the simple fact of the matter is that it was just sitting there for at least ten years. This was a nasty vulnerability that would allow remote code execution on the computer hosting the client. There were no known attacks using this vector, but if there had been, it wouldn't have been nice. The good news is that after discovering the vulnerability, the folks at Context Information Security notified Valve, and Valve released a fix within 8 hours earlier this year. That's a quick response. The moral of the story is that all software, no matter how secure it seems to be, is still a possible vector for malware or worse. Ronald Reagan said it best: trust, but verify. Keep up the good work, white hats.


The bug was caused by the absence of a simple check to ensure that, for the first packet of a fragmented datagram, the specified packet length was less than or equal to the total datagram length. This seems like a simple oversight, given that the check was present for all subsequent packets carrying fragments of the datagram.
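The length check described above, sketched as an added example in C (not Valve's or Context's code): a fragment reassembler that applies the same bound to the first packet as to every later one. The struct, function names, in-order delivery and the `MAX_DATAGRAM` cap are assumptions made for illustration, not details of the Steam protocol.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DATAGRAM 65536u /* assumed cap, not a value from the page */

/* Hypothetical reassembly state; names are illustrative, not Steam's. */
typedef struct {
    uint8_t *buf;     /* allocated to total_len on the first fragment */
    size_t total_len; /* datagram length declared by the sender */
    size_t received;  /* bytes copied into buf so far */
} reasm_t;

/* Add one in-order fragment. Returns 0 on success, -1 if rejected. */
int reasm_add(reasm_t *r, int is_first, size_t declared_total,
              const uint8_t *frag, size_t frag_len)
{
    if (is_first) {
        if (r->buf || declared_total == 0 || declared_total > MAX_DATAGRAM)
            return -1;
        /* First-packet check: the fragment must fit the declared datagram. */
        if (frag_len > declared_total)
            return -1;
        if (!(r->buf = malloc(declared_total)))
            return -1;
        r->total_len = declared_total;
        r->received = 0;
    } else if (!r->buf || declared_total != r->total_len) {
        return -1; /* no datagram in progress, or the declared length changed */
    }
    /* Same bound for every fragment; the subtraction form cannot overflow. */
    if (frag_len > r->total_len - r->received)
        return -1;
    memcpy(r->buf + r->received, frag, frag_len);
    r->received += frag_len;
    return 0;
}

int reasm_complete(const reasm_t *r) { return r->buf && r->received == r->total_len; }
void reasm_free(reasm_t *r) { free(r->buf); memset(r, 0, sizeof *r); }

int main(void)
{
    reasm_t r = {0};
    uint8_t frag[64] = {0}; /* constructed sample payload */
    printf("oversized first fragment: %d\n", reasm_add(&r, 1, 16, frag, sizeof frag));
    printf("valid first fragment: %d\n", reasm_add(&r, 1, 16, frag, 10));
    reasm_free(&r);
    return 0;
}
```

Without the first-packet comparison, the `memcpy` for the first fragment would copy `frag_len` bytes into a buffer sized from `declared_total`, which is the mismatch the quoted passage describes.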
