A vulnerability in Minecraft mods could allow hackers to remotely execute arbitrary code

Short description

Summarize this content to 100 words Experts say they have discovered mods for Minecraft that allow attackers to remotely execute arbitrary code on game servers and users’ machines. With the help of the vulnerability, hackers can gain access to user data and use the end device to form a botnet.The Minecraft Malware Prevention Alliance (MMPA) community has reported that many popular Minecraft mods contain the BleedingPipe vulnerability, which allows hackers to launch remote arbitrary code execution. The vulnerability is mainly found in Forge-based Minecraft mods, but the community claims that the bug can affect any other version of the game.The error was first reported in March 2022. Then users reported a vulnerability they discovered in the BDLib repository. The developers of the MineYourMind server and the Enigmatica 2 Expert mod pack have since reported the same bug in their products.On July 9, 2023, the same bug was reported on the Forge forum, noting that it could be used by attackers to compromise the server and obtain Discord account credentials and Steam session logs from it. Then, according to Forge representatives, the problem affected EnderCore, BDLib and LogisticsPipe mods. However, the message from the Forge administration did not reach the users.The MMPA community has compiled a list of popular mods affected by the vulnerability:EnderCore;Logistics Pipes;BDLib 1.7-1.12;Smart Moving 1.12;Brazier;DankNull;Gadomancy.Server administrators are advised to check the server directory for suspicious files and to refrain from using affected mods until their developers fix the vulnerability. Players should scan the directory on the machine .minecraft using jSus or jNeedle utilities. Vulnerability is a common bug with serialization ObjectInputStream in Java.

A vulnerability in Minecraft mods could allow hackers to remotely execute arbitrary code

Experts say they have discovered mods for Minecraft that allow attackers to remotely execute arbitrary code on game servers and users’ machines. With the help of the vulnerability, hackers can gain access to user data and use the end device to form a botnet.

The Minecraft Malware Prevention Alliance (MMPA) community has reported that many popular Minecraft mods contain the BleedingPipe vulnerability, which allows hackers to launch remote arbitrary code execution. The vulnerability is mainly found in Forge-based Minecraft mods, but the community claims that the bug can affect any other version of the game.

The error was first reported in March 2022. Then users reported a vulnerability they discovered in the BDLib repository. The developers of the MineYourMind server and the Enigmatica 2 Expert mod pack have since reported the same bug in their products.

On July 9, 2023, the same bug was reported on the Forge forum, noting that it could be used by attackers to compromise the server and obtain Discord account credentials and Steam session logs from it. Then, according to Forge representatives, the problem affected EnderCore, BDLib and LogisticsPipe mods. However, the message from the Forge administration did not reach the users.

The MMPA community has compiled a list of popular mods affected by the vulnerability:

  • EnderCore;

  • Logistics Pipes;

  • BDLib 1.7-1.12;

  • Smart Moving 1.12;

  • Brazier;

  • DankNull;

  • Gadomancy.

Server administrators are advised to check the server directory for suspicious files and to refrain from using affected mods until their developers fix the vulnerability. Players should scan the directory on the machine .minecraft using jSus or jNeedle utilities. Vulnerability is a common bug with serialization ObjectInputStream in Java.

Related posts