Steam contains account bypass flaw, researcher says

By

Disclosed publicly after support ticket closed.

A remote code execution vulnerability has been discovered in the Steam gaming client that could allow attackers to bypass user account controls.

Steam contains account bypass flaw, researcher says

Steam was the online gaming environment developed by Valve and used by some 54 million players.

On 17 September, London-based penetration tester Graham Sutherland (@gsuberland) disclosed the flaw to Valve via its support ticket system. He included full technical details and a potential fix.

In an addendum sent five days later, he said malware could from guest gain administrative rights by waiting for Steam to escalate privileges before exploiting the vulnerability.

Sutherland disclosed details of the flaw on his blog after Valve closed the support ticket and failed to follow up with him on whether it was moving to patch the vulnerability.

Sutherland said:

"I have discovered a vulnerability within the Steam client application that allows for arbitrary memory copies to be initiated within the Steam process. These issues can be triggered at multiple crash sites, and range in severity from unexploitable crash (denial of service) to full compromise of the process.

Valve has been contacted for comment.

Other researchers writing on Reddit said they had had success reporting flaws to security(AT)steampowered.com.

Technical details of the vulnerability were available on Sutherland's blog.

The disclosure came almost exactly a year after a series of vulnerabilities were reported in the Steam platform that included overflows, the ability to write arbitrary text to file and direct victims to external payloads.

And in August this year, Steam users were found to be targeted by the Ramnit trojan that stole login credentials from victims.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?