Gentoo FoundationGLSA-200605-12Quake 3 engine based games: Buffer Overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.3%
Background
Quake 3 is a multiplayer first person shooter.
Description
landser discovered a vulnerability within the “remapShader” command. Due to a boundary handling error in “remapShader”, there is a possibility of a buffer overflow.
Impact
An attacker could set up a malicious game server and entice users to connect to it, potentially resulting in the execution of arbitrary code with the rights of the game user.
Workaround
Do not connect to untrusted game servers.
Resolution
All Quake 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"
All RTCW users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"
All Enemy Territory users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | games-fps/quake3-bin | < 1.32c | UNKNOWN |
| Gentoo | any | all | games-fps/rtcw | < 1.41b | UNKNOWN |
| Gentoo | any | all | games-fps/enemy-territory | < 2.60b | UNKNOWN |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
93.3%