remapShader Command Remote Buffer Overflow Vulnerability

callihn · 2006-05-08 09:01:56 UTC

securityfocus:

Quake 3 Engine remapShader Command Remote Buffer Overflow Vulnerability

Bugtraq ID: 17857
Class: Boundary Condition Error
CVE:
Remote: Yes
Local: No
Published: May 05 2006 12:00AM
Updated: May 05 2006 11:00PM
Credit: Discovery is credited to landser <landser@hotmail.co.il>.
Vulnerable: id Software Wolfenstein: Enemy Territory 2.60
id Software Return to Castle Wolfenstein 1.41
id Software Quake 3 Engine 1.32 b
id Software Quake 3 Arena 1.32 b

The Quake 3 engine is susceptible to a remote buffer-overflow vulnerability. This issue is due to the application’s failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Remote attackers may exploit this issue to execute arbitrary machine code in the context of affected game clients. Failed exploit attempts will likely crash affected clients.

This vulnerability reportedly affects the following games:

Quake 3 Arena

Return to Castle Wolfenstein

Wolfenstein: Enemy Territory

Other games may also be affected.

Solution:

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com

http://www.securityfocus.com/bid/17857/info

This is a bad, bad, bad thing, hopefully a fix is already coming down the pipe, since the exploit code is already available. :eek3:

Apparently the open sourced end of things have been patched as of the day after in their SVN, so what’s the holdup on the proprietary and binaries end?

http://www.icculus.org/quake3/?page=news&news_item=2619

Ragnar_40k · 2006-05-08 09:04:17 UTC

http://www.splashdamage.com/index.php?name=pnPHPbb2&file=viewtopic&t=14453

callihn · 2006-05-08 09:15:07 UTC

DOH!!! :banghead: