Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-3324

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Related bugs and status

CVE-2006-3324 (Candidate) is related to these bugs:

Bug #970819: multiple security vulnerabilities

Summary				In	Importance	Status
	970819	multiple security vulnerabilities		tremulous (Ubuntu)	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

MISC: http://aluigi.altervis...
BID: 18685
SECUNIA: 20401
SECUNIA: 20851
SREASON: 1171
VUPEN: ADV-2006-2569
CONFIRM: http://svn.icculus.org...
XF: quake3-cvar-file-overw...
BUGTRAQ: 20060627 Files and cva...
BUGTRAQ: 20060628 Re: Files and...