Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3324

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-3324
Last Modified 07 Mar 2011 09:38:21
Published 30 Jun 2006 07:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3324

Summary

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Vulnerable Systems

Application

  • Id Software Quake 3 Engine

  • Id Software Quake 3 Engine 1.32b

  • Id Software Quake 3 Engine 1.32c

  • Id Software Quake 3 Engine Icculus 803

  • Id Software Quake 3 Engine Icculus 804


References

VUPEN - ADV-2006-2569

BID - 18685

BUGTRAQ - 20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

BUGTRAQ - 20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

CONFIRM - http://svn.icculus.org/quake3?rev=804&view=rev

SECUNIA - 20851

SECUNIA - 20401

MISC - http://aluigi.altervista.org/adv/q3cfilevar-adv.txt

XF - quake3-cvar-file-overwrite(27486)

SREASON - 1171


Last Updated: 27 May 2016 10:42:58