GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed May 10, 2006 7:26 am Post subject: [ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overfl |
 |
|
Gentoo Linux Security Advisory
Title: Quake 3 engine based games: Buffer Overflow (GLSA 200605-12)
Severity: normal
Exploitable: remote
Date: May 10, 2006
Bug(s): #132377
ID: 200605-12
Synopsis
The Quake 3 engine has a vulnerability that could be exploited to execute
arbitrary code.
Background
Quake 3 is a multiplayer first person shooter.
Affected Packages
Package: games-fps/quake3-bin
Vulnerable: < 1.32c
Unaffected: >= 1.32c
Architectures: All supported architectures
Package: games-fps/rtcw
Vulnerable: < 1.41b
Unaffected: >= 1.41b
Architectures: All supported architectures
Package: games-fps/enemy-territory
Vulnerable: < 2.60b
Unaffected: >= 2.60b
Architectures: All supported architectures
Description
landser discovered a vulnerability within the "remapShader"
command. Due to a boundary handling error in "remapShader", there is a
possibility of a buffer overflow.
Impact
An attacker could set up a malicious game server and entice users
to connect to it, potentially resulting in the execution of arbitrary
code with the rights of the game user.
Workaround
Do not connect to untrusted game servers.
Resolution
All Quake 3 users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c" |
All RTCW users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b" |
All Enemy Territory users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b" |
References
CVE-2006-2236
Last edited by GLSA on Sun Jan 25, 2015 4:22 am; edited 4 times in total |
|
News & Announcements
