Vulnerabilities > CVE-2004-2595 - Remote vulnerability in ID Software Quake II Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
- http://secunia.com/advisories/13013
- http://secur1ty.net/advisories/001
- http://securitytracker.com/id?1011979
- http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
- http://www.osvdb.org/11184
- http://www.securityfocus.com/bid/11551
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17893