Quake 3 Engine Message Denial of Service Vulnerability
BID:12976
Info
Quake 3 Engine Message Denial of Service Vulnerability
| Bugtraq ID: | 12976 |
| Class: | Unknown |
| CVE: |
CVE-2005-0983 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 02 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Discovered by Luigi Auriemma <aluigi@..>. |
| Vulnerable: |
Raven Software Soldier Of Fortune 2 1.0 3 Raven Software Soldier Of Fortune 2 1.0 2 LucasArts Star Wars Jedi Knight: Jedi Academy 1.0.11 LucasArts Star Wars Jedi Knight II: Jedi Outcast 1.0.4 id Software Quake 3 Arena Server 1.29 g id Software Quake 3 Arena Server 1.29 f id Software Quake 3 Arena 1.31 id Software Quake 3 Arena 1.16 n id Software Quake 3 Arena 1.1.7 id Software Quake 3 Arena 1.1.7 Activision Wolfenstein: Enemy Territory 2.56 Activision Wolfenstein: Enemy Territory 1.0.2 Activision Return to Castle Wolfenstein 1.1 Activision Return to Castle Wolfenstein 1.0 Activision Call of Duty United Offensive 1.41 Activision Call of Duty United Offensive 1.5.1 b Activision Call of Duty 1.5 b Activision Call of Duty 1.4 |
| Not Vulnerable: |
Activision Wolfenstein: Enemy Territory 2.60 |
Discussion
Quake 3 Engine Message Denial of Service Vulnerability
A denial of service vulnerability reportedly affects the Quake 3 engine. The vulnerability can be exploited remotely. Messages sent by clients that are greater than 1022 characters in length will cause the server to crash. It is not known what precisely causes the crash. It may be due to a buffer overflow vulnerability. If that is the cause, remote code execution could be possible.
A denial of service vulnerability reportedly affects the Quake 3 engine. The vulnerability can be exploited remotely. Messages sent by clients that are greater than 1022 characters in length will cause the server to crash. It is not known what precisely causes the crash. It may be due to a buffer overflow vulnerability. If that is the cause, remote code execution could be possible.
Exploit / POC
Quake 3 Engine Message Denial of Service Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Quake 3 Engine Message Denial of Service Vulnerability
Solution:
According to the advisory author, only Wolfenstein: Enemy Territory 2.60 includes a fix for this vulnerability.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
According to the advisory author, only Wolfenstein: Enemy Territory 2.60 includes a fix for this vulnerability.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Quake 3 Engine Message Denial of Service Vulnerability
References:
References:
- In-game players kicking in the Quake 3 engine (Luigi Auriemma