Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2006-3325
Last Modified: 07 Mar 2011 09:38:21
Published: 30 Jun 2006 07:05:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3325

Summary

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Vulnerable Systems

Application

  • Id Software Quake 3 Engine

  • Id Software Quake 3 Engine 1.32b

  • Id Software Quake 3 Engine 1.32c

  • Id Software Quake 3 Engine Icculus 803

  • Id Software Quake 3 Engine Icculus 804

  • Id Software Quake 3 Engine Icculus 805

  • Id Software Quake 3 Engine Icculus 806

  • Id Software Quake 3 Engine Icculus 807

  • Id Software Quake 3 Engine Icculus 808

  • Id Software Quake 3 Engine Icculus 809

  • Id Software Quake 3 Engine Icculus 810


References

VUPEN - ADV-2006-2569

BID - 18685

BUGTRAQ - 20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

BUGTRAQ - 20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

SECUNIA - 20851

SECUNIA - 20401

MISC - http://aluigi.altervista.org/adv/q3cfilevar-adv.txt

XF - quake3-cvar-file-overwrite(27486)

XF - quake3-clparsedownload-bo(26889)

SREASON - 1171


Last Updated: 27 May 2016 10:42:58