DBSA:2014-0003

From Digibase Knowledge Base
Revision as of 10:30, 17 February 2014 by Kradorex Xeron (talk | contribs) (Created page with "{{DBSAHEAD | TITLE=Valve Anti-Cheat System (VAC) Scans Windows DNS Caches | KEYWORDS=Valve, Steam, Information Disclosure, DNS }} '''DBSA ID:''' {{PAGENAME}} '''Regarding:''...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.

Digibase Security Advisory - Valve Anti-Cheat System (VAC) Scans Windows DNS Caches

Keywords: Valve, Steam, Information Disclosure, DNS

DBSA ID: 2014-0003

Regarding: Valve Anti-Cheat System (VAC) Scans Windows DNS Caches

Writeup: Kradorex Xeron (talk) 10:30, 17 February 2014 (EST)

Date: 2014 02 17

Last Modified: 20140217103009 by Kradorex Xeron

Who should take note: All Steam Users

Classification

Priority: MODERATE

Rationale: Information is disclosed to a remote party without user awareness

Severity: LOW

Rationale: Information submitted is hashed.

Spread of Issue: SINGLE-PLATFORM MODERATE

Rationale: There are many users of the Steam game software platform under Windows

Description

Steam is a game software platform developed and published by the Valve Corporation that is capable of playing multiple games through a single common platform. Recently there was a disclosure that the Valve Anti-Cheat System (VAC) acquires the content of the Windows DNS cache and processes it. Each entry is hashed and submitted to Valve-controlled servers likely for the purpose of checking to ensure cheats or malicious websites are not being utilized.

Processing prior to submission is hashed via md5 and submitted to the VAC servers.

Mitigation/Solution

Despite the fact this mechanism may have legitimate purpose, there is an uninformed information disclosure and should be approached with caution as any potential for disclosure.

If there are confidential or other similar websites that you have recently visited, to prevent potential disclosure of the number of websites you visit or potentially associating yourself with others that visit those sites, it is advised to clear your DNS cache:

Under Windows XP:

  • Press [Windows Key] + [R]
  • Enter into Run: cmd — hit enter.
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

Under Windows Vista/7:

  • Open the Start Menu
  • Enter into the bottom search box: command
  • Right Click Command Line and Start as Administrator (if UAC enabled), start normally otherwise.
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

Under Windows 8/8.1:

  • Press [Windows Key] + [F]
  • Enter into the search box: cmd — hit enter
  • Right Click on the cmd result
  • Click the Advanced button at the bottom and Run as Administrator
  • Enter into the Command Line: ipconfig /flushdns — hit enter
  • Close the Command Line and start Steam as normal.

References