Critical Vulnerability In Minecraft Can Take Down Game Servers, Researcher Says

Pakistani developer Ammar Askar has found a critical vulnerability in Minecraft that allows an attacker to bring down game servers.

The vulnerability exploits a feature of the items in a player's inventory: they can store arbitrary metadata. Askar crafted a malicious packet whose metadata consumes the server's processing power. Because the game sends information (metadata) about the items available in the client to the game server (when it starts), the malicious packet can take down the server by exhausting its processing power.

The JSON representation of the packet:

[Image: JSON representation of the packet]
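The article shows no mitigation, so the following is an added example (not code from the article, from Askar's post or from Mojang) of how a server can cap the work it spends on client-supplied item metadata before processing it. The budgets, function names and sample payloads are assumptions, and JSON stands in for the game's own wire format.

```python
import json

# Assumed budgets: the article gives no figures, so these are illustrative.
MAX_RAW_BYTES = 64 * 1024
MAX_DEPTH = 8
MAX_NODES = 2_000


class MetadataRejected(ValueError):
    """Client-supplied item metadata exceeded a resource budget."""


def check_metadata(root, max_depth=MAX_DEPTH, max_nodes=MAX_NODES):
    """Walk decoded metadata with an explicit stack; return the node count."""
    seen = 0
    stack = [(root, 1)]
    while stack:
        value, depth = stack.pop()
        seen += 1
        if depth > max_depth:
            raise MetadataRejected(f"nesting deeper than {max_depth}")
        if isinstance(value, dict):
            children = value.values()
        elif isinstance(value, list):
            children = value
        else:
            continue  # scalar leaf, nothing to expand
        # Refuse before queueing, so an oversized container is never expanded.
        if seen + len(stack) + len(children) > max_nodes:
            raise MetadataRejected(f"more than {max_nodes} nodes")
        stack.extend((child, depth + 1) for child in children)
    return seen


def load_item_metadata(raw: bytes):
    """Decode untrusted metadata only if it fits every budget."""
    if len(raw) > MAX_RAW_BYTES:
        raise MetadataRejected("raw payload too large")
    try:
        decoded = json.loads(raw)
    except (ValueError, RecursionError) as exc:
        raise MetadataRejected(f"undecodable metadata: {exc}") from exc
    check_metadata(decoded)
    return decoded


# Constructed samples (not the researcher's proof of concept).
NORMAL = b'{"id": "minecraft:book", "Count": 1, "tag": {"pages": ["hello", "world"]}}'
DEEP = b"[" * 20 + b"]" * 20
WIDE = json.dumps([[[[] for _ in range(20)] for _ in range(20)] for _ in range(20)]).encode()
```

Rejecting on the running count of discovered nodes, rather than after a full walk, keeps the cost of refusing a hostile value proportional to the budget instead of to the payload.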

Askar says that he reported the issue to Minecraft's developer on 28th July 2013. On 19th August 2013, he got a response that it was being worked on, but the vulnerability has not been fixed yet.
Minecraft version 1.8.3 and earlier builds are affected.
"The exact problem that caused this bug to go unpatched has been identified. Mojang attempted to implement a fix for this problem, however they did not test their fix against the proof of concept I provided, which still crashed the server perfectly fine," Askar said in a blog post.

For more technical details, see Askar's blog post.
