132377 2006-05-05 13:32 0000 games-fps/quake3-*: Quake 3 Engine "remapShader" Command Buffer Overflow 2006-05-09 22:39:26 0000 1 1 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED FIXED http://secunia.com/advisories/19984/ B2 [glsa] P2 normal --- 1 falco@gentoo.org security@gentoo.org games@gentoo.org l.mierzwa@gmail.com polynomial-c@gentoo.org falco@gentoo.org 2006-05-05 13:32:04 0000 http://secunia.com/advisories/19984/ Description: landser has reported a vulnerability in Quake 3 Engine, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the handling of the "remapShader" command. This can be exploited to cause a buffer overflow via specially crafted "remapShader" commands sent to a client. Successful exploitation may allow arbitrary code execution, but requires that the user is e.g. tricked into connecting to a malicious game server. The vulnerability has been reported in the following software: * ET 2.60. * Return to Castle Wolfenstein 1.41. * Quake III Arena 1.32b. Other versions may also be affected. Solution: Do not connect to non-trusted game servers. Provided and/or discovered by: landser Original Advisory: http://www.milw0rm.com/exploits/1750 carlo@gentoo.org 2006-05-06 05:36:46 0000 Affects also Enemy Territory according to heise.de. falco@gentoo.org 2006-05-06 05:49:49 0000 right can we group games-fps/enemy-territory* and games-fps/quake3* into this unique bug ? wolf31o2@gentoo.org 2006-05-07 07:24:56 0000 Well, since it looks like we won't be getting updated versions of these, I'm going to try to see if there's any unofficial patches which resovle this bug, then mask, if not. carlo@gentoo.org 2006-05-08 02:11:09 0000 http://thilo.kickchat.com/patches/quake3-1.32b-remapshader-fix.diff wolf31o2@gentoo.org 2006-05-08 13:40:24 0000 http://www.bluesnews.com/plans/476/ Even better... id Software has released new versions of all of these binaries. I'll be creating some new ebuilds this evening for them all. falco@gentoo.org 2006-05-08 13:50:53 0000 Thanks Chris wolf31o2@gentoo.org 2006-05-09 06:33:53 0000 *** Bug 132781 has been marked as a duplicate of this bug. *** wolf31o2@gentoo.org 2006-05-09 07:24:29 0000 These are all in the tree now: enemy-territory 2.60b quake3-bin 1.32c rtcw 1.41b They are already tested and marked stable on x86 and amd64. The older versions have been masked, and will probably stay that way for a few days. Everything should be ready for a GLSA now. =] koon@gentoo.org 2006-05-09 09:37:19 0000 Yep, thx falco@gentoo.org 2006-05-09 22:39:26 0000 GLSA-200605-12 , thanks jaervosz