Title: SeriousSam SeriousEngine User Management Remote Denial Of Service Vulnerability
Severity: MODERATE
Description:
SeriousSam SeriousEngine is a game engine developed by Croteam. Games based on the SeriousEngine include Serious Sam: The Second Encounter, Alpha Black Zero, and Nitro Family. The game engine supports a client/server framework that facilitates network gaming over UDP network communications.
It is reported that the SeriousSam SeriousEngine is susceptible to a remote denial of service vulnerability. This issue is due to a failure of the game server software to handle many simultaneous connections.
This issue presents itself when the server portion of the game is operating in a multiplayer mode. The game server reportedly fails to impose a limit on the number of simultaneous players that attempt to join the game. Once the server receives a large number of connection requests, it will reportedly crash. Because new players register with the server using UDP datagrams, remote attackers can spoof the source IP address of attack traffic. Furthermore, it is reported that this issue can be triggered without requiring any authentication credentials.
This vulnerability allows remote attackers to crash the affected application, denying service to legitimate users.
It should be noted that this issue was previously classified as affecting the Alpha Black Zero game application solely. Information has been released implicating the underlying game engine; the BID has been updated accordingly.
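The two conditions described above (no limit on joining players, and joins accepted from unverified UDP sources) are the ones a server-side admission check addresses. The following is an added example, not SeriousEngine or vendor code: a generic join gate that keeps no state until a client echoes a keyed cookie and then enforces a hard player cap. `JoinGate`, `MAX_PLAYERS`, `COOKIE_WINDOW`, the two-datagram handshake and all addresses are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_PLAYERS = 16    # assumed cap; the advisory names no figure
COOKIE_WINDOW = 10  # seconds a challenge cookie stays valid (assumption)

class JoinGate:
    """Generic admission control for a UDP join handshake (hypothetical)."""

    def __init__(self, secret=None, max_players=MAX_PLAYERS, clock=time.time):
        self.secret = secret or os.urandom(32)
        self.max_players = max_players
        self.clock = clock
        self.players = set()  # (ip, port) of admitted clients only

    def _cookie(self, addr, epoch):
        msg = f"{addr[0]}|{addr[1]}|{epoch}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).digest()[:16]

    def on_join_request(self, addr):
        # First datagram: answer with a cookie and keep no per-source state,
        # so a flood of requests cannot grow any table on the server.
        return self._cookie(addr, int(self.clock()) // COOKIE_WINDOW)

    def on_join_confirm(self, addr, cookie):
        # Second datagram: the cookie proves the sender receives traffic at
        # addr; a spoofed source never saw it. Accept current or previous epoch.
        epoch = int(self.clock()) // COOKIE_WINDOW
        if not any(hmac.compare_digest(cookie, self._cookie(addr, e))
                   for e in (epoch, epoch - 1)):
            return "drop"
        if addr in self.players:
            return "accepted"  # retransmitted confirm
        if len(self.players) >= self.max_players:
            return "full"      # hard cap: refuse instead of overrunning
        self.players.add(addr)
        return "accepted"

def simulate():
    # Constructed traffic: 5000 unconfirmed/forged joins, then 20 real clients.
    gate = JoinGate(secret=b"constructed-demo-key", clock=lambda: 1000.0)
    for i in range(5000):
        src = (f"198.51.100.{i % 256}", 1024 + i)
        gate.on_join_request(src)
        gate.on_join_confirm(src, bytes(16))  # guess, cookie never received
    after_flood = len(gate.players)
    results = [gate.on_join_confirm(a, gate.on_join_request(a))
               for a in (("203.0.113.7", 27000 + n) for n in range(20))]
    return after_flood, results.count("accepted"), results.count("full")
```
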
Affected Products:
- Delphieye Nitro Family 0.0.0
- Playlogic International Alpha Black Zero 1.0.04
- SeriousSam SeriousEngine 0.0.0
- SeriousSam The Second Encounter 1.0.7
References:
- Playlogic International: Alpha Black Zero Home Page
- SeriousEngine.com: SeriousEngine Home Page