Lucene search

MitreCVE-2006-3324

HistoryJun 30, 2006 - 11:05 p.m.

CVE-2006-3324

2006-06-3023:05:00

mitre

web.nvd.nist.gov

automatic downloading

id3 quake 3 engine

icculus quake 3 engine

remote attackers

file overwrite

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.

Affected configurations

Nvd

Node

id_softwarequake_3_engine

id_softwarequake_3_engineMatch1.32b

id_softwarequake_3_engineMatch1.32c

id_softwarequake_3_engineMatchicculus_803

id_softwarequake_3_engineMatchicculus_804

VendorProductVersionCPE
id_softwarequake_3_engine*cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
id_softwarequake_3_engine1.32bcpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
id_softwarequake_3_engine1.32ccpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_803cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
id_softwarequake_3_engineicculus_804cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
id_software	quake_3_engine	*	cpe:2.3:a:id_software:quake_3_engine::::::::
id_software	quake_3_engine	1.32b	cpe:2.3:a:id_software:quake_3_engine:1.32b:::::::*
id_software	quake_3_engine	1.32c	cpe:2.3:a:id_software:quake_3_engine:1.32c:::::::*
id_software	quake_3_engine	icculus_803	cpe:2.3:a:id_software:quake_3_engine:icculus_803:::::::*
id_software	quake_3_engine	icculus_804	cpe:2.3:a:id_software:quake_3_engine:icculus_804:::::::*

References

aluigi.altervista.org/adv/q3cfilevar-adv.txt

secunia.com/advisories/20401

secunia.com/advisories/20851

securityreason.com/securityalert/1171

svn.icculus.org/quake3?rev=804&view=rev

www.securityfocus.com/archive/1/438515/100/0/threaded

www.securityfocus.com/archive/1/438660/100/0/threaded

www.securityfocus.com/bid/18685

www.vupen.com/english/advisories/2006/2569

exchange.xforce.ibmcloud.com/vulnerabilities/27486

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

Related for CVE-2006-3324