Blizzard Games exisits critical flaw that conduct DNS Rebinding attack

According to securityaffairs, on January 23 news, Google researcher Tavis Ormandy recently found a serious flaw in the Blizzard game, resulting in millions of computers was DNS Rebinding attack, allowing attackers in the game player’s computer Execute malicious code remotely. At present, Blizzard has added some mitigations to its client version 5996 and said patches for subsequent rollouts will adopt a more stable host whitelist mechanism.

World of Warcraft, Overwatch, Diablo 3, Hearthstone and StarCraft 2 are all popular online games made by Blizzard Entertainment. According to statistics, Blizzard has 500 million online players per month.

Vulnerability information

If a player wants to play Blizzard online with a browser, a client program called “Blizzard Update Agent” needs to be installed in his / her computer system. The application then runs the JSON-RPC server via HTTP protocol on port 1120 so that Execute the “command to install, uninstall, set changes, updates and other maintenance-related options” and other operations.

Ormandy found the Blizzard Update Agent program vulnerable to DNS Rebinding attacks. Because DNS Rebinding allows any website to act as a bridge between an external server and a local host, this means that any website can send privileged commands to the Blizzard Update Agent.

Ormandy first reported the vulnerability to Blizzard in December, but after several communications Blizzard stopped responding to Ormandy’s e-mail and secretly added some mitigation in client version 5996. Blizzard’s solution seems to be to query the client command line, get the exename 32-bit FNV-1a hash, and check if it is on the blacklist. However, Ormandy recommends that Blizzard whitelist its hostname.

After Ormandy disclosed the vulnerability, Blizzard claimed that the patch was being developed and promised to adopt a more stable host whitelist mechanism to fix the vulnerability.

Source: SecurityAffairs