Quake 3 Buffer Overflow Vulnerabilities
Hey, all of you Quake 3 players -- don't be going and connecting to untrusted servers, especially if there are any dog brains involved.
Via Secunia.
Description:More here.
RunningBon has reported two vulnerabilities in the Quake 3 Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
1) A boundary error exist in the "CG_ServerCommand()" function when receiving long server commands. This can be exploited to cause a stack-based buffer overflow via overly long server commands sent from the server.
Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious server.
2) A boundary error exists in the handling of CS_ITEMs sent from a server. This can be exploited to cause a stack-based buffer overflow by sending overly long values to the client.
Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious server.
Solution:
Only connect to trusted servers.
posted by Fergie @ 7/04/2006 06:33:00 AM
0 Comments:
Post a Comment
<< Home