Bug#: 132377
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Raphael Marichez <falco@gentoo.org>


Description:   Opened: 2006-05-05 13:32 0000
http://secunia.com/advisories/19984/

Description:
landser has reported a vulnerability in Quake 3 Engine, which potentially can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of the
"remapShader" command. This can be exploited to cause a buffer overflow via
specially crafted "remapShader" commands sent to a client.

Successful exploitation may allow arbitrary code execution, but requires that
the user is e.g. tricked into connecting to a malicious game server.

The vulnerability has been reported in the following software:
* ET 2.60.
* Return to Castle Wolfenstein 1.41.
* Quake III Arena 1.32b.

Other versions may also be affected.

Solution:
Do not connect to non-trusted game servers.

Provided and/or discovered by:
landser

Original Advisory:
http://www.milw0rm.com/exploits/1750

------- Comment #1 From Carsten Lohrke 2006-05-06 05:36:46 0000 -------
Affects also Enemy Territory according to heise.de.

------- Comment #2 From Raphael Marichez 2006-05-06 05:49:49 0000 -------
right

can we group games-fps/enemy-territory* and games-fps/quake3* into this unique
bug ?

------- Comment #3 From Chris Gianelloni (RETIRED) 2006-05-07 07:24:56 0000 -------
Well, since it looks like we won't be getting updated versions of these, I'm
going to try to see if there's any unofficial patches which resolve this bug,
then mask, if not.

------- Comment #4 From Carsten Lohrke 2006-05-08 02:11:09 0000 -------
http://thilo.kickchat.com/patches/quake3-1.32b-remapshader-fix.diff

------- Comment #5 From Chris Gianelloni (RETIRED) 2006-05-08 13:40:24 0000 -------
http://www.bluesnews.com/plans/476/

Even better... id Software has released new versions of all of these binaries. 
I'll be creating some new ebuilds this evening for them all.

------- Comment #6 From Raphael Marichez 2006-05-08 13:50:53 0000 -------
Thanks Chris

------- Comment #7 From Chris Gianelloni (RETIRED) 2006-05-09 06:33:53 0000 -------
*** Bug 132781 has been marked as a duplicate of this bug. ***

------- Comment #8 From Chris Gianelloni (RETIRED) 2006-05-09 07:24:29 0000 -------
These are all in the tree now:

enemy-territory 2.60b
quake3-bin 1.32c
rtcw 1.41b

They are already tested and marked stable on x86 and amd64.  The older versions
have been masked, and will probably stay that way for a few days.  Everything
should be ready for a GLSA now.  =]

------- Comment #9 From Thierry Carrez (RETIRED) 2006-05-09 09:37:19 0000 -------
Yep, thx

------- Comment #10 From Raphael Marichez 2006-05-09 22:39:26 0000 -------
GLSA-200605-12, thanks jaervosz
