Uploaded image for project: 'Minecraft: Java Edition'
  1. Minecraft: Java Edition
  2. MC-79152

Security vulnerablities involving skulls

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Resolution: Fixed
    • Affects Version/s: Minecraft 1.8.1, Minecraft 1.8.3
    • Fix Version/s: Minecraft 1.8.4
    • Labels:
      None
    • Environment:
      Windows 8/8.1, Java 1.7 and 1.8
    • Confirmation Status:
      Unconfirmed

      Description

      Hello, my name is Dylan Katz. I'm a sixteen year old developer, and I've discovered a critical security bug in the Minecraft client that can be exploited in multiple ways. The key to exploiting this vulnerability is the failure to validate custom textures on player skulls. Please note that this is an awesome feature and by all means should continue to exist, but validation should be applied to the image size. The lack of this validation allows two situations. First, it allows a server to force clients to send massive traffic to any given website, essentially turning the Minecraft client into a botnet member. There appears to be some caching of skull URLs, but this can be bypassed simply by adding a get parameter with a random value ending in ".jpg", For instance, "?test=" + Math.random() + ".jpg". This allows for hundreds or even thousands of requests to be sent by the client by spawning in hundreds or thousands of skull blocks.

      This brings us to the second method of potential exploitation of this bug. If enough skulls are sent with a large image, a client-side Blue Screen of Death can be reproduced reliably with the message "DRIVER_IRQL_NOT_LESS_OR_EQUAL (e22w7x64.sys)", though I've only tested this on windows 8 and windows 8.1. This bug is extremely dangerous to both the client and online services that may be targeted.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                DevDylan .
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: