This Week In Security: PunkBuster, NAT, NAS And MP3s – Hackaday

It’s not the newest or greatest, but PunkBuster is still running on a lot of game servers even today. One of the functions of PunkBuster is remote screenshot capture. If a server admin thinks a player is acting oddly, a screenshot request is sent out. The issue is that the server logic that handles the incoming image has a flaw. This weakness, combined with the stateless nature of screenshot requests, means that any connected client can write any file to any location on the server at any time.
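As an added illustration (not code from the article or from PunkBuster), the sketch below shows server-side handling that closes each part of "any file, any location, any time": uploads must answer an outstanding request, must look like an image, and are written under a server-chosen name inside one directory. The class and method names, the token scheme and the PNG format are assumptions made for the example.

```python
import os
import secrets
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # assumption: screenshots arrive as PNG


class ScreenshotReceiver:
    """Hypothetical server-side handler; not PunkBuster's actual design."""

    def __init__(self, base_dir):
        self.base_dir = os.path.realpath(base_dir)
        self.pending = {}  # token -> id of the client that was asked

    def request_screenshot(self, client_id):
        # Keep state: remember which client was asked, under a random token.
        token = secrets.token_hex(16)
        self.pending[token] = client_id
        return token

    def accept_upload(self, client_id, token, data):
        # "Any time": reject uploads that answer no outstanding request.
        if token not in self.pending or self.pending[token] != client_id:
            raise PermissionError("no outstanding request for this client")
        del self.pending[token]  # one upload per request, no replays
        # "Any file": minimal content check on the expected image signature.
        if not data.startswith(PNG_MAGIC):
            raise ValueError("not a PNG image")
        # "Any location": the server picks the file name; nothing supplied
        # by the client is used to build the path.
        path = os.path.join(self.base_dir, f"{token}.png")
        # Defence in depth: confirm the resolved path stays in base_dir.
        if os.path.commonpath([self.base_dir, os.path.realpath(path)]) != self.base_dir:
            raise ValueError("path escapes screenshot directory")
        with open(path, "xb") as fh:  # "x" refuses to overwrite a file
            fh.write(data)
        return path


if __name__ == "__main__":
    rx = ScreenshotReceiver(tempfile.mkdtemp())
    tok = rx.request_screenshot("player-1")
    print(rx.accept_upload("player-1", tok, PNG_MAGIC + b"constructed sample"))
```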
