Mojira Archive
BDS-16752

Several network layer vulnerabilities exist that seriously harm the security of the BDS server

Introduction of the situation

Recently, the community received numbers of reports about network attack to BDS servers. After capturing packets and analysis, several serious vulnerabilities were found.
Now we know that through sending malicious attack packets, hackers can make the server crash, or cause the main thread jamming.

Some vulnerability exploitation tools have been published to github, and some have been under a large number of public dissemination. These vulnerabilities cause great harm to BDS server operations.

Realms and Netease are under attack

Not only for BDS servers, these vulnerabilities can also be used to crash XBox Realms servers and the Chinese version of the Netease servers. There have been reports of attacks that by scanning the network segment and conducting a bulk attack, hackers can easily cause a large number of Realms servers to crash and restart

Attack replay tools

Several vulnerabilities or their exploits are attached below as an attachment. The attack can be reproduced using the provided replay tool. The introduction and usage is packed in this zip file

Possible solution

I think it will help to solve these problems:
Identify all incoming packets , and prohibit receiving all packets that are not from the player in the server by checking valid NetworkIdentifier or NetworkHandler::Connection
And then, these replay attacks will never occur any more.

The community have been trying to fix these vulnerabilities to protect ourselves for a long time. Some community fixes can be found at https://github.com/LiteLDev/LiteLoaderBDS/blob/main/LiteLoader/Main/BuiltinBugFix.cpp

Advice & Future

Currently, it is rumored that new vulnerabilities are still being explored and used for attacks. We urge Mojang to pay attention to the related issues, review and check the potential safety hazards for the whole network layer (around NetworkHandler and other code about packets)

Since the vulnerability has been abused, we hope that it can be fixed as soon as possible

Environment

Windows Server 2019, 2016 or any other version

Linked Issues

duplicates1

BDS-15528Please fix CVE-2021-45383 & CVE-2021-45384Fixed

Attachments2

introduction.png
introduction.png

YQ

Vulnerabilities&ReplayTools.zip

YQ

Comments2

Maciej Piornik

Thank you for your report!
We're tracking this issue in BDS-15528, so this ticket is being resolved and linked as a duplicate.

If you would like to add a vote and any extra information to the main ticket it would be appreciated.

If you haven't already, you might like to make use of the search feature to see if the issue has already been mentioned.

Quick Links:
📓 Bug Tracker Guidelines – 📧 Mojang Support
📓 Project Summary – ✍️ Feedback and Suggestions – 📖 BDS Wiki – 📖 FAQs

YQ

I don't think it is duplicate because this provides 3 more other vulnerability and their replay tools
These three new vulnerabilities is serious too, and tools provided can help you better solve these problems

History9

YQ

Changed summary:

Several network layer vulnerabilities exist that seriously compromise the security of the BDS server Several network layer vulnerabilities exist that seriously harm the security of the BDS server

YQ

Added labels: NetworkPacket vulnerability bds

Removed labels:

YQ

Changed description:

Introduction of the situation

0

Recently, the community received numbers of reports about network attack to BDS servers. After capturing packets and analysis, several serious vulnerabilities were found.
0Now we know that through sending malicious attack packets, hackers can make the server crash, or cause the main thread jamming.

0

Some vulnerability exploitation tools have been published to github, and some have been under a large number of public dissemination. These vulnerabilities cause great harm to BDS server operations.

0

Realms and Netease are under attack

0

Not only for BDS servers, these vulnerabilities can also be used to crash XBox Realms servers and the Chinese version of the Netease servers. There have been reports of attacks that by scanning the network segment and conducting a bulk attack, hackers can easily cause a large number of Realms servers to crash and restart

0

Attack replay tools

0

Several vulnerabilities or their exploits are attached below as an attachment. The attack can be reproduced using the provided replay tool. The introduction and usage is packed in this zip file

0

Possible solution

0

I think it will help to solve these problems:
0Identify all incoming packets , and prohibit receiving all packets that are not from the player in the server by checking valid NetworkIdentifier or NetworkHandler::Connection
0And then, these replay attacks will never occur any more.

0

The community have been trying to fix these vulnerabilities to protect ourselves for a long time. Some community fixes can be found at https://github.com/LiteLDev/LiteLoaderBDS/blob/main/LiteLoader/Main/BuiltinBugFix.cpp

0

Advice & Future

0

Currently, it is rumored that new vulnerabilities are still being explored and used for attacks. We urge Mojang to pay attention to the related issues, review and check the potential safety hazards for the whole network layer (around NetworkHandler and other code about packets)

0

Since the vulnerability has been abused, we hope that it can be fixed as soon as possible

Maciej Piornik

Resolution: UnresolvedAwaiting Response

Maciej Piornik

Deleted comment:

Hi

Does ticket BDS-15528 describe your issues?

This ticket will automatically reopen when you reply. 

Maciej Piornik

Resolution: Awaiting ResponseUnresolved

Maciej Piornik

Added duplicates link:
BDS-15528Please fix CVE-2021-45383 & CVE-2021-45384Fixed

Maciej Piornik

Resolution: UnresolvedDuplicate

YQ

Added attachment:

introduction.png
introduction.png

Duplicate
YQ
0
1
Unconfirmed
NetworkPacket bds vulnerability
1.18.10