Steam Client vulnerability found

seanreisk

[H]ard|Gawd
Joined
Aug 29, 2011
Messages
1,711
[clicks stopwatch] Let's see how long it takes Valve to patch it now that it's in the spotlight.

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,295
News topics get posted in multiple places all the time. No need to get your knickers in a twist over it.

Who said I got my "knickers in a twist"? I am simply reporting a redundant post so it can be combined or fixed.
Criticisms or corrections do not need to be negatively fueled.

It is sad, though, that so many people think of corrections as an attack these days.
 

Krazy925

Supreme [H]ardness
Joined
Sep 29, 2012
Messages
5,946
It was on the "top 10" list when it was posted. That's why I knew.
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,295
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.

You sure seem very aggravated for someone telling other people to untwist their knickers.
Did you get offended that I tried to avoid the split topic debate?
 

Krazy925

Supreme [H]ardness
Joined
Sep 29, 2012
Messages
5,946
You sure seem very aggravated for someone telling other people to untwist their knickers.
Did you get offended that I tried to avoid the split topic debate?
Aggravated? I was just thanking the OP for posting it here and correcting you for trying to be snarky about it being buried in some sub forum people don’t surf to.

Maybe go back to the other sub forum if that’s where you want to have your discussion? Especially since you’ve added 0 to the discussion other than attempts to derail it.
 

GoodBoy

2[H]4U
Joined
Nov 29, 2004
Messages
2,076
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,295
Aggravated? I was just thanking the OP for posting it here and correcting you for trying to be snarky about it being buried in some sub forum people don’t surf to.

Maybe go back to the other sub forum if that’s where you want to have your discussion? Especially since you’ve added 0 to the discussion other than attempts to derail it.

Why are you thanking the OP by responding to me? Seems like a far-fetched "backpedaling".

I'm pretty sure "Now go untwist those dirty knickers." is not a thanking of the op.
 

SvenBent

2[H]4U
Joined
Sep 13, 2008
Messages
3,295
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..

Correct.
Seems like HackerOne was too quick to dismiss it, from the article.
 

Jagger100

Supreme [H]ardness
Joined
Oct 31, 2004
Messages
7,666
Wow, I might be elevated to Admin in my own Admin account on my own PC.

The real problem here is 'remote' and how remote access can be left on at all. There should be a clear 'allow remote access' button defaulted to off, and the majority of users' security risk from things like this goes to near zero.
 

Krazy925

Supreme [H]ardness
Joined
Sep 29, 2012
Messages
5,946
Why are you thanking the OP by responding to me? Seems like a far-fetched "backpedaling".

I'm pretty sure "Now go untwist those dirty knickers." is not a thanking of the op.
Because you keep tagging me to come back.

I also see that you’ve still added 0 to the conversation.

So great work, I guess.

I’m not backpedaling, you can’t seem to handle just being wrong.

Here we are with two whole threads in two sub forums and look, the world is still spinning, blessed by Kyle himself. This one gets more unique views than the sub forum you linked.

So keep up the good work at trying to be snarky then defending it to the death.
 

polonyc2

Fully [H]
Joined
Oct 25, 2004
Messages
20,308
So Valve hasn't even acknowledged it, and the ppl at HackerOne keep saying it is out of scope, just because he used a 3rd party utility to make reg adds easier? That shit is not hard to do all commandline...

ugh..

Gabe and company are hard at work on a fix as we speak...it's on the to-do list right after finishing Half-Life 3.
 

dgz

Supreme [H]ardness
Joined
Feb 15, 2010
Messages
5,838
Gabe and company are hard at work on a fix as we speak...it's on the to-do list right after finishing Half-Life 3.

Wrong. Half-Life 3 was finished long ago. If you need proof, tell me where it is.

tee hee hee
 

Mode13

Gawd
Joined
Jun 11, 2018
Messages
878
Half-Life 3 obviously needs administrative rights to run, because it's so incredible it replaces Windows with CitadelOS.

How do you disable remote access on Windows 10? I use Windows specifically for games and nothing else... my start menu still yells that it wants to get to know me better all the time too.
 

clockdogg

[H]ard|Gawd
Joined
Dec 12, 2007
Messages
1,135
I don’t use the top 10 list.

I use mengay/soapbox/news/FSFT.

This is important enough that cross posting isn’t a big deal.

Even el jefe agrees.

We’re all happy you knew but now a whole lot more do. Now go untwist those dirty knickers.

I use the Bottom 10 List. Makes my X58 rig feel current and edgy.
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,504
I might be missing something, but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam. If that's the case, it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed, but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.
 

Lifelite

Supreme [H]ardness
Joined
Aug 26, 2015
Messages
4,635
You'd think after the FighterAce thread people would learn not to dig themselves into a hole. :p
 

Lifelite

Supreme [H]ardness
Joined
Aug 26, 2015
Messages
4,635
I mean fighterace turned off notifications though.

Dastardly bastard he is.
 

sharknice

2[H]4U
Joined
Nov 12, 2012
Messages
2,538
I might be missing something, but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam. If that's the case, it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed, but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.

There are thousands of games from thousands of developers on Steam, many of them from no-name indie developers. That's a large amount of people that could sneak an exploit into their game.

But you don't just have to worry about the developers being malicious; a hacker could compromise a developer and put the hack in their game without them knowing. There are a lot of exploits around doing that and a lot of amateur developers on Steam.

And you also have to worry about every other program you decide to download and run getting unrestricted access just because you have steam installed.
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,504
There are thousands of games from thousands of developers on Steam, many of them from no-name indie developers. That's a large amount of people that could sneak an exploit into their game.

But you don't just have to worry about the developers being malicious; a hacker could compromise a developer and put the hack in their game without them knowing. There are a lot of exploits around doing that and a lot of amateur developers on Steam.

And you also have to worry about every other program you decide to download and run getting unrestricted access just because you have steam installed.

Those are all reasons to patch it but not reasons to worry about it IMO.

The only games I would worry about are sketchy-looking f2p or trading-card-oriented games, which I would never install, and it's unlikely a dev would get their Steam account hacked. Not to mention most people wouldn't think twice about UAC popping up when installing a game anyway, so there's not much benefit.

You should always be careful of anything you download and run, and once again, when I do run something it usually pops a UAC warning anyway, which is all this avoids. Apparently the POC also breaks both Steam and msiserver, which means it's anything but stealthy, and a broken installer service would help limit any further damage.
 

GoodBoy

2[H]4U
Joined
Nov 29, 2004
Messages
2,076
The best thing about this thread isn't the news but those 2 guys fighting.
The first rule of Fight Club: you do not talk about Fight Club.
The second rule of Fight Club: you DO NOT talk about Fight Club.

I might be missing something, but it sounds to me like it requires either the ability to download and execute a file or downloading a malicious game directly from Steam. If that's the case, it seems like a rather narrow attack vector. Obviously any escalation of privileges exploit is something that needs to be fixed, but I'm more concerned the group they use to screen exploit reports didn't feel like it was something worth fixing at all.

Nothing needs downloaded for this attack vector, it can all be done with command line. The guy showing it to HackerOne used a utility that makes registry adds easier, but that is not at all necessary to pull this off.

The shit needs fixed...
 

Ebernanut

[H]ard|Gawd
Joined
Dec 15, 2010
Messages
1,504
Nothing needs downloaded for this attack vector, it can all be done with command line. The guy showing it to HackerOne used a utility that makes registry adds easier, but that is not at all necessary to pull this off.

The shit needs fixed...
From what I read, it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong, though, since the Ars article is a mess; they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed, and Valve certainly deserves some flak for handling it poorly, but I don't see this as a very scary exploit.
 

ccityinstaller

Supreme [H]ardness
Joined
Feb 23, 2007
Messages
4,241
From what I read, it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong, though, since the Ars article is a mess; they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed, and Valve certainly deserves some flak for handling it poorly, but I don't see this as a very scary exploit.

Yes, you still need to DL a malicious file, but the argument is that with the 100k+ (just a number I picked outta my rear end) different games on Steam, and with the fact that Valve does not inspect source code at all, it would be very easy for a "developer" to do this knowingly, not unknowingly due to being compromised on their end.

HackerOne should lose their bug bounty program from Valve over this. The guy got fed up and just decided to scorch the earth to bring attention to it. I dunno if that was right or wrong, but Valve cannot ignore it anymore.
 

Meeho

Supreme [H]ardness
Joined
Aug 16, 2010
Messages
5,333
From what I read, it used that to create the symlinks required for the escalation of privileges but still required downloading and executing a malicious file. I could be wrong, though, since the Ars article is a mess; they spend half the time ranting and don't do a very good job explaining critical steps.

I do agree it needs fixed, and Valve certainly deserves some flak for handling it poorly, but I don't see this as a very scary exploit.
Most attack vectors require downloading something. It doesn't have to be through Steam in this case; it could be anything. The issue is that this exploit doesn't require special privileges, so it can be trivially executed and your whole PC could be compromised without gaining access to admin rights. This is a huge issue.
 