ID GLSA-200605-12 Type gentoo Reporter Gentoo Foundation Modified 2006-05-10T00:00:00
Description
Background
Quake 3 is a multiplayer first person shooter.
Description
landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow.
Impact
An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.
Workaround
Do not connect to untrusted game servers.
Resolution
All Quake 3 users should upgrade to the latest version:
{"published": "2006-05-10T00:00:00", "id": "GLSA-200605-12", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "enchantments": {"vulnersScore": 7.5}, "hash": "85c748b6f19b9ad03a85314205939f040a6a81085566c2d67bb5c0233be71590", "description": "### Background\n\nQuake 3 is a multiplayer first person shooter. \n\n### Description\n\nlandser discovered a vulnerability within the \"remapShader\" command. Due to a boundary handling error in \"remapShader\", there is a possibility of a buffer overflow. \n\n### Impact\n\nAn attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user. \n\n### Workaround\n\nDo not connect to untrusted game servers. \n\n### Resolution\n\nAll Quake 3 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=games-fps/quake3-bin-1.32c\"\n\nAll RTCW users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=games-fps/rtcw-1.41b\"\n\nAll Enemy Territory users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=games-fps/enemy-territory-2.60b\"", "type": "gentoo", "lastseen": "2016-09-06T19:46:06", "edition": 1, "title": "Quake 3 engine based games: Buffer Overflow", "href": "https://security.gentoo.org/glsa/200605-12", "modified": "2006-05-10T00:00:00", "bulletinFamily": "unix", "viewCount": 0, "cvelist": ["CVE-2006-2236"], "affectedPackage": [{"packageVersion": "1.32c", "packageName": "games-fps/quake3-bin", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}, {"packageVersion": "1.41b", "packageName": "games-fps/rtcw", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}, {"packageVersion": "2.60b", "packageName": "games-fps/enemy-territory", "packageFilename": "UNKNOWN", "operator": "lt", "OSVersion": "any", "OS": "Gentoo", "arch": "all"}], "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236", "https://bugs.gentoo.org/show_bug.cgi?id=132377"], "reporter": "Gentoo Foundation", "hashmap": [{"hash": "0b202e895b5f3c37ff114232640d6389", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "cce76a3776e9162bbe0fe73c29620748", "key": "cvelist"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "b41724254624ef762724e4e97d16f4be", "key": "description"}, {"hash": "76c86669e4861b7fe126c6f8fef9cc33", "key": "href"}, {"hash": "99aaa11ed6290477825af20f207e3d0a", "key": "modified"}, {"hash": "777d45bbbcdf50d49c42c70ad7acf5fe", "key": "objectVersion"}, {"hash": "99aaa11ed6290477825af20f207e3d0a", "key": "published"}, {"hash": "62327a5ce402a593fea0cc3f64a21cd2", "key": "references"}, {"hash": "ac1fd6b3deacaf22b54dd1934ae33181", "key": "reporter"}, {"hash": "461b3dc3d2b250ccc63c90007fe775b8", "key": "title"}, {"hash": "365d0fc7d6206ff26e2f2c2a78c91a94", "key": "type"}], "objectVersion": "1.2"}
{"result": {"cve": [{"id": "CVE-2006-2236", "type": "cve", "title": "CVE-2006-2236", "description": "Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.", "published": "2006-05-08T19:02:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2236", "cvelist": ["CVE-2006-2236"], "lastseen": "2017-10-19T11:12:22"}], "openvas": [{"id": "OPENVAS:63157", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200901-06 (tremulous tremulous-bin)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-06.", "published": "2009-01-13T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=63157", "cvelist": ["CVE-2006-2236"], "lastseen": "2017-07-24T12:57:00"}, {"id": "OPENVAS:56727", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200605-12 (quake)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200605-12.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=56727", "cvelist": ["CVE-2006-2236"], "lastseen": "2017-07-24T12:49:59"}, {"id": "OPENVAS:136141256231063157", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200901-06 (tremulous tremulous-bin)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200901-06.", "published": "2009-01-13T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063157", "cvelist": ["CVE-2006-2236"], "lastseen": "2018-04-06T11:39:59"}], "nessus": [{"id": "GENTOO_GLSA-200901-06.NASL", "type": "nessus", "title": "GLSA-200901-06 : Tremulous: User-assisted execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200901-06 (Tremulous: User-assisted execution of arbitrary code)\n\n It has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236).\n Impact :\n\n A remote attacker could entice a user to connect to a malicious games server, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "published": "2009-01-12T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=35350", "cvelist": ["CVE-2006-2236"], "lastseen": "2018-01-13T01:04:54"}, {"id": "GENTOO_GLSA-200605-12.NASL", "type": "nessus", "title": "GLSA-200605-12 : Quake 3 engine based games: Buffer Overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200605-12 (Quake 3 engine based games: Buffer Overflow)\n\n landser discovered a vulnerability within the 'remapShader' command. Due to a boundary handling error in 'remapShader', there is a possibility of a buffer overflow.\n Impact :\n\n An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.\n Workaround :\n\n Do not connect to untrusted game servers.", "published": "2006-05-13T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21354", "cvelist": ["CVE-2006-2236"], "lastseen": "2018-07-12T17:47:14"}], "exploitdb": [{"id": "EDB-ID:1750", "type": "exploitdb", "title": "Quake 3 Engine 1.32b R_RemapShader Remote Client BoF Exploit", "description": "Quake 3 Engine 1.32b R_RemapShader() Remote Client BoF Exploit. CVE-2006-2236. Remote exploit for linux platform", "published": "2006-05-05T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/1750/", "cvelist": ["CVE-2006-2236"], "lastseen": "2016-01-31T14:48:40"}], "osvdb": [{"id": "OSVDB:25279", "type": "osvdb", "title": "Quake 3 Engine remapShader Command Overflow", "description": "## Vulnerability Description\nA remote overflow exists in the Quake 3 Engine. The Quake 3 Engine fails to perform proper bounds checking of the 'remapShader' command resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Technical Description\nAn attacker must trick the victim to connect to a malicious game server in order to exploit this vulnerability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nA remote overflow exists in the Quake 3 Engine. The Quake 3 Engine fails to perform proper bounds checking of the 'remapShader' command resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\nVendor URL: http://www.idsoftware.com/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml)\n[Secunia Advisory ID:19984](https://secuniaresearch.flexerasoftware.com/advisories/19984/)\n[Secunia Advisory ID:20065](https://secuniaresearch.flexerasoftware.com/advisories/20065/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0222.html\nISS X-Force ID: 26264\nGeneric Exploit URL: http://www.milw0rm.com/exploits/1750\nFrSIRT Advisory: ADV-2006-1676\n[CVE-2006-2236](https://vulners.com/cve/CVE-2006-2236)\nBugtraq ID: 17857\n", "published": "2006-05-05T06:47:36", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/osvdb/OSVDB:25279", "cvelist": ["CVE-2006-2236"], "lastseen": "2017-04-28T13:20:22"}], "gentoo": [{"id": "GLSA-200901-06", "type": "gentoo", "title": "Tremulous: User-assisted execution of arbitrary code", "description": "### Background\n\nTremulous is a team-based First Person Shooter game. \n\n### Description\n\nIt has been reported that Tremulous includes a vulnerable version of the ioQuake3 engine (GLSA 200605-12, CVE-2006-2236). \n\n### Impact\n\nA remote attacker could entice a user to connect to a malicious games server, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nTremulous users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=games-fps/tremulous-1.1.0-r2\"\n\nNote: The binary version of Tremulous has been removed from the Portage tree.", "published": "2009-01-11T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/200901-06", "cvelist": ["CVE-2006-2236"], "lastseen": "2016-09-06T19:46:28"}]}}
