Secunia Advisory: SA19984 Print Advisory
Release Date: 2006-05-05
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Quake3 Engine 3.x
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
landser has reported a vulnerability in Quake 3 Engine, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling of the "remapShader" command. This can be exploited to cause a buffer overflow via specially crafted "remapShader" commands sent to a client.
Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious game server.
The vulnerability has been reported in the following software:
* ET 2.60.
* Return to Castle Wolfenstein 1.41.
* Quake III Arena 1.32b.
Other versions may also be affected.
Solution:
Do not connect to non-trusted game servers.
Provided and/or discovered by:
landser
Original Advisory:
http://www.milw0rm.com/exploits/1750
Bollettino di sicurezza
Release Date: 2006-05-05
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Quake3 Engine 3.x
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
landser has reported a vulnerability in Quake 3 Engine, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the handling of the "remapShader" command. This can be exploited to cause a buffer overflow via specially crafted "remapShader" commands sent to a client.
Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious game server.
The vulnerability has been reported in the following software:
* ET 2.60.
* Return to Castle Wolfenstein 1.41.
* Quake III Arena 1.32b.
Other versions may also be affected.
Solution:
Do not connect to non-trusted game servers.
Provided and/or discovered by:
landser
Original Advisory:
http://www.milw0rm.com/exploits/1750
Bollettino di sicurezza