wqpvisual.blogg.se

Vm sandbox







SquirrelLang is an interpreted, open-source programming language that is used by video games and cloud services for customization and plugin development. For example, the extremely popular game Counter-Strike: Global Offensive (CS:GO) attracts millions of players on a monthly basis and utilizes the Squirrel Engine to enable anyone to create custom game modes and maps. However, this freedom comes with a price: anyone who downloads and hosts such an item from the community executes Squirrel code without any warning. Some of the most popular community-created items have been downloaded millions of times in the popular Steam shop. In order to prevent malicious actors from exploiting this, the Squirrel Engine is carefully sandboxed within the CS:GO process.

In this blog post, we break down a vulnerability we discovered in the core of Squirrel, which was developed in C. It enables an attacker to bypass the sandbox restrictions and execute arbitrary code within a SquirrelVM, giving the attacker full access to the underlying machine.

Impact

An attacker can exploit an Out-Of-Bounds Read vulnerability (CVE-2021-41556) to escape a Squirrel VM and gain access to the underlying machine.

This attack vector becomes relevant when a Squirrel Engine is used to execute untrusted code. This is the case with cloud services such as, for example, Twilio Electric Imp, or video games such as Counter-Strike: Global Offensive and Portal 2, which attract millions of players monthly.

For example, in a real-world scenario, an attacker could embed a malicious Squirrel script into a community map and distribute it via the trusted Steam Workshop. When a server owner downloads and installs this malicious map onto his server, the Squirrel script is executed, escapes its VM, and takes control of the server machine.







