Quake 3 Engine Server Information Disclosure Vulnerability
BID:17924
Info
Quake 3 Engine Server Information Disclosure Vulnerability
| Bugtraq ID: | 17924 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-2082 |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2006 12:00AM |
| Updated: | Apr 13 2015 09:56PM |
| Credit: | Discovery is credited to Ludwig Nussel and Thilo Schulz <[email protected]>. |
| Vulnerable: |
Raven Software Star Trek Voyager: Elite Force 1.2 Raven Software Star Trek Voyager: Elite Force 1.1 Raven Software Star Trek Voyager: Elite Force 1.0 id Software Return to Castle Wolfenstein 1.41 id Software Quake 3 Engine 1.32 b id Software Quake 3 Arena 1.32 b |
| Not Vulnerable: |
id Software Return to Castle Wolfenstein 1.41b id Software Quake 3 Arena 1.32c |
Discussion
Quake 3 Engine Server Information Disclosure Vulnerability
The Quake 3 engine is susceptible to a remote information-disclosure vulnerability. Affected game servers fail to ensure that only appropriate files may be sent to remote users.
This issue allows remote attackers to gain access to the potentially sensitive contents of arbitrary files on the computer hosting vulnerable game servers. This occurs with the privileges of the targeted game server.
This vulnerability reportedly affects the following games:
- Quake 3 Arena
- Return to Castle Wolfenstein
- Star Trek Voyager: Elite Force
Other games may also be affected.
The Quake 3 engine is susceptible to a remote information-disclosure vulnerability. Affected game servers fail to ensure that only appropriate files may be sent to remote users.
This issue allows remote attackers to gain access to the potentially sensitive contents of arbitrary files on the computer hosting vulnerable game servers. This occurs with the privileges of the targeted game server.
This vulnerability reportedly affects the following games:
- Quake 3 Arena
- Return to Castle Wolfenstein
- Star Trek Voyager: Elite Force
Other games may also be affected.
Exploit / POC
Quake 3 Engine Server Information Disclosure Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
Quake 3 Engine Server Information Disclosure Vulnerability
Solution:
id Software has released patches to address this and other issues.
id Software Quake 3 Arena 1.32 b
id Software Return to Castle Wolfenstein 1.41
Solution:
id Software has released patches to address this and other issues.
id Software Quake 3 Arena 1.32 b
-
id Software Quake III Arena 1.32c Patch (linux)
http://www.idsoftware.com/downloads/shambler.php?id=8001 -
id Software Quake III Arena 1.32c Patch (mac)
http://www.idsoftware.com/downloads/shambler.php?id=8002 -
id Software Quake III Arena 1.32c Patch (win32)
http://www.idsoftware.com/downloads/shambler.php?id=8000
id Software Return to Castle Wolfenstein 1.41
-
id Software Return to Castle Wolfenstein 1.41b Patch (linux)
http://www.idsoftware.com/downloads/shambler.php?id=10001 -
id Software Return to Castle Wolfenstein 1.41b Patch (win32)
http://www.idsoftware.com/downloads/shambler.php?id=10000
References
Quake 3 Engine Server Information Disclosure Vulnerability
References:
References:
- id Software Home Page (id Software)
- Quake3 Arena Homepage (id Software)
- Raven Software Homepage (Raven Software)