Gentoo Forums
[ GLSA 200605-12 ] Quake 3 engine based games: Buffer Overflow
Author: GLSA
Posted: Wed May 10, 2006 7:26 am

Gentoo Linux Security Advisory

Title: Quake 3 engine based games: Buffer Overflow (GLSA 200605-12)
Severity: normal
Exploitable: remote
Date: May 10, 2006
Bug(s): #132377
ID: 200605-12

Synopsis

The Quake 3 engine has a vulnerability that could be exploited to execute arbitrary code.

Background

Quake 3 is a multiplayer first-person shooter.

Affected Packages

Package: games-fps/quake3-bin
Vulnerable: < 1.32c
Unaffected: >= 1.32c
Architectures: All supported architectures

Package: games-fps/rtcw
Vulnerable: < 1.41b
Unaffected: >= 1.41b
Architectures: All supported architectures

Package: games-fps/enemy-territory
Vulnerable: < 2.60b
Unaffected: >= 2.60b
Architectures: All supported architectures


Description

landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow.

Impact

An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.

Workaround

Do not connect to untrusted game servers.

Resolution

All Quake 3 users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"

All RTCW users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"

All Enemy Territory users should upgrade to the latest version:

Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"


References

CVE-2006-2236


Last edited by GLSA on Tue Feb 10, 2009 4:17 am; edited 2 times in total
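
The affected-version table above, expressed as a check over a package inventory. This is an added example, not part of the advisory or of Portage: the function names are hypothetical, the sample inventory is constructed, and the version ordering is a simplification that handles only dotted numbers, one trailing letter and an ignored "-rN" revision.

```shell
#!/bin/sh
# Added example: compare installed versions with the fixed versions in GLSA 200605-12.
# Simplified ordering (an assumption, not Portage's full version algorithm).

# Fixed ("Unaffected: >=") version of each package listed in the advisory.
fixed_version() {
    case "$1" in
        games-fps/quake3-bin)      echo 1.32c ;;
        games-fps/rtcw)            echo 1.41b ;;
        games-fps/enemy-territory) echo 2.60b ;;
        *) return 1 ;;
    esac
}

# ver_lt A B: exit status 0 when version A sorts before version B.
ver_lt() {
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}        # drop the revision
    al=${a##*[0-9]}; bl=${b##*[0-9]}        # trailing letter, possibly empty
    a=${a%"$al"}; b=${b%"$bl"}
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:--1}; y=${y:--1}              # a missing component sorts first
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    # Numeric parts are equal: order by the letter ("" sorts before "a").
    LC_ALL=C expr "x$al" \< "x$bl" >/dev/null
}

# glsa_status PKG VERSION: print vulnerable, unaffected or not-listed.
glsa_status() {
    fixed=$(fixed_version "$1") || { echo not-listed; return 0; }
    if ver_lt "$2" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample inventory; games-fps/example-game is a hypothetical name.
report() {
    while read -r pkg ver; do
        printf '%-26s %-9s %s\n' "$pkg" "$ver" "$(glsa_status "$pkg" "$ver")"
    done <<'EOF'
games-fps/quake3-bin 1.32b-r3
games-fps/rtcw 1.41b
games-fps/enemy-territory 2.60
games-fps/example-game 1.0
EOF
}
report
```

On a Gentoo system itself, `glsa-check -t 200605-12` from gentoolkit tests the installed packages against this advisory directly.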