Technical Description

Two vulnerabilities have been identified in Quake 3 Engine, which could be exploited by remote attackers to take complete control of an affected system or gain unauthorized access to arbitrary files.

The first flaw is due to a buffer overflow error when handling a specially crafted "remapShader" command, which could be exploited by remote attackers to execute arbitrary commands on a vulnerable client via a malicious server.

The second issue is due to an input validation error when handling ".pk3" file download requests, which could be exploited by attackers to download arbitrary files from a vulnerable server via directory traversal attacks.

Affected Products

ET version 2.60
Return to Castle Wolfenstein version 1.41
Quake III Arena version v1.32b
Wolfenstein Enemy Territory
Star Trek Voyager Elite Force

Solution

Quake III Arena - Upgrade to version 1.32c :
http://www.idsoftware.com/
Return to Castle Wolfenstein - Upgrade to version 1.41b :
http://www.idsoftware.com/
Wolfenstein Enemy Territory - Upgrade to version 2.60b :
http://www.idsoftware.com/

References

http://www.vupen.com/english/advisories/2006/1676

Credits

Vulnerabilities reported by landser, Thilo Schulz, and Ludwig Nussel.

ChangeLog

2006-05-05 : Initial release
2006-05-09 : Updated Advisory

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.