TITLE:
Quake 3 Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA20946

VERIFY ADVISORY:
http://secunia.com/advisories/20946/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

SOFTWARE:
Quake3 Engine 3.x
http://secunia.com/product/4653/

DESCRIPTION:
RunningBon has reported two vulnerabilities in the Quake 3 Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

1) A boundary error exists in the "CG_ServerCommand()" function when receiving long server commands. This can be exploited to cause a stack-based buffer overflow via overly long server commands sent from the server.

Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious server.

2) A boundary error exists in the handling of CS_ITEMs sent from a server. This can be exploited to cause a stack-based buffer overflow by sending overly long values to the client.

Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious server.

SOLUTION:
Only connect to trusted servers.

PROVIDED AND/OR DISCOVERED BY:
RunningBon

ORIGINAL ADVISORY:
http://milw0rm.com/exploits/1976
http://milw0rm.com/exploits/1977