Vulnerabilities > CVE-2006-3325 - Multiple vulnerability in Quake 3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
Vulnerable Configurations
Exploit-Db
description Quake 3 Engine Client CS_ITEMS Remote Overflow Exploit (Win32). CVE-2006-3325,CVE-2006-3401. Dos exploit for windows platform file exploits/windows_x86/dos/1977.cpp id EDB-ID:1977 last seen 2016-01-31 modified 2006-07-02 platform windows_x86 port published 2006-07-02 reporter RunningBon source https://www.exploit-db.com/download/1977/ title Quake 3 Engine Client CS_ITEms Remote Overflow Exploit Win32 type dos description Quake 3 Engine Client CG_ServerCommand() Remote Overflow Exploit. CVE-2006-3324,CVE-2006-3325,CVE-2006-3400. Dos exploit for windows platform file exploits/windows/dos/1976.cpp id EDB-ID:1976 last seen 2016-01-31 modified 2006-07-02 platform windows port published 2006-07-02 reporter RunningBon source https://www.exploit-db.com/download/1976/ title Quake 3 Engine Client CG_ServerCommand Remote Overflow Exploit type dos
References
- http://aluigi.altervista.org/adv/q3cfilevar-adv.txt
- http://secunia.com/advisories/20401
- http://secunia.com/advisories/20851
- http://securityreason.com/securityalert/1171
- http://www.securityfocus.com/archive/1/438515/100/0/threaded
- http://www.securityfocus.com/archive/1/438660/100/0/threaded
- http://www.securityfocus.com/bid/18685
- http://www.vupen.com/english/advisories/2006/2569
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26889
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27486