|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA13013] Quake2 Engine Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Thu Oct 28 2004 - 09:21:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
Quake2 Engine Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA13013
VERIFY ADVISORY:
http://secunia.com/advisories/13013/
CRITICAL:
Highly critical
IMPACT:
Spoofing, Manipulation of data, Exposure of sensitive information,
DoS, System access
WHERE:
From remote
SOFTWARE:
Quake2 Engine 2.x
http://secunia.com/product/4184/
DESCRIPTION:
Multiple vulnerabilities have been reported in Quake2 engine, which
can be exploited by malicious people to cause a DoS (Denial of
Service), potentially execute arbitrary code, disclose sensitive
information, conduct spoofing attacks, and corrupt server data for
other clients.
1) An input validation error when handling "Configstrings" and
"Baselines" in the connection process can be exploited to cause the
server to crash by sending a specially crafted request with a
negative offset.
2) A boundary error when parsing command packets can be exploited to
cause a buffer overflow and potentially execute arbitrary code by
sending a specially crafted UDP datagram.
3) An input validation error when requesting missing files such as
maps from a server running Windows can be exploited to download
sensitive files by supplying a specially crafted path.
4) An input validation error when requesting missing files from a
server running Linux can be exploited to cause a server to exit by
requesting a valid directory.
5) An error in the handling of userinfo from the client can be
exploited to spoof the client's IP address by sending a specially
crafted overly long userinfo, which gets truncated by the server.
6) A design weakness can be exploited to cause a server to stop
accepting new clients by continuously sending multiple join
requests.
The vulnerabilities have been reported in version 3.2.x of the
released open source version. Other versions may also be affected.
SOLUTION:
Host only games on trusted networks.
PROVIDED AND/OR DISCOVERED BY:
1-5) Richard Stanway
6) Luigi Auriemma.
ORIGINAL ADVISORY:
http://secur1ty.net/advisories/001
http://aluigi.altervista.org/fakep.htm
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]