Quake 3 engine based games: Buffer Overflow
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200605-12 / quake |
| Release Date |
May 10, 2006 |
| Latest Revision |
May 10, 2006: 01 |
| Impact |
normal |
| Exploitable |
remote |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| games-fps/quake3-bin |
<
1.32c |
>=
1.32c |
All supported architectures
|
| games-fps/rtcw |
<
1.41b |
>=
1.41b |
All supported architectures
|
| games-fps/enemy-territory |
<
2.60b |
>=
2.60b |
All supported architectures
|
Related bugreports:
#132377
Synopsis
The Quake 3 engine has a vulnerability that could be exploited to execute
arbitrary code.
2.
Impact Information
Background
Quake 3 is a multiplayer first person shooter.
Description
landser discovered a vulnerability within the "remapShader"
command. Due to a boundary handling error in "remapShader", there is a
possibility of a buffer overflow.
Impact
An attacker could set up a malicious game server and entice users
to connect to it, potentially resulting in the execution of arbitrary
code with the rights of the game user.
3.
Resolution Information
Workaround
Do not connect to untrusted game servers.
Resolution
All Quake 3 users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"
|
All RTCW users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"
|
All Enemy Territory users should upgrade to the latest version:
Code Listing 3.3: Resolution |
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"
|
4.
References
|
