Info

Disclosure

May 05, 2006

Discovery

Unknown

Dates

Exploit

May 05, 2006

Solution

Unknown

Description

A remote overflow exists in the Quake 3 Engine. The Quake 3 Engine fails to perform proper bounds checking of the 'remapShader' command resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Vendor Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

id Software	Quake III Arena	1.32b
	Return to Castle Wolfenstein	1.41
	ET	2.60

References

Milw0rm: 1750
Exploit Database: 1750
Bugtraq ID: 17857
Secunia Advisory ID: 19984 20065 33508 39858
CVE ID: 2006-2236 (see also: NVD)
ISS X-Force ID: 26264
VUPEN Advisory: ADV-2006-1676
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-05/0222.html
Vendor Specific News/Changelog Entry: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041396.html
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200901-06.xml
Vendor URL: http://www.idsoftware.com/

Credit

landser - landserhotmail.co.il -

Direct URL: http://osvdb.org/25279

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

id Software

Quake III Arena

Return to Castle Wolfenstein

ET

References

Credit