jedi-academy

ioquake/jedi-academy

Fork 0

mirror of https://github.com/ioquake/jedi-academy.git synced 2025-02-13 07:31:46 +00:00

Commit graph

Author	SHA1	Message	Date
Jonathan Gray	8550620849	CVE-2006-3325 arbitrary cvar overwrite CVE-2006-3325 client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. Luigi Auriemma q3cfilevar from Thilo Schulz in ioquake3 svn 811 git 7d51d75b05a9593508040162709043516c0f2a17 - Fix arbitrary cvar overwrite flaw: http://aluigi.altervista.org/adv.htm	2013-05-07 22:18:55 +10:00
Jonathan Gray	039ef2cb4a	ditch dos style newlines	2013-04-23 15:21:39 +10:00
James Monroe	684d1bcb3b	Jedi Academy Release	2013-04-04 17:35:38 -05:00

Author

SHA1

Message

Date

Jonathan Gray

8550620849

CVE-2006-3325 arbitrary cvar overwrite

CVE-2006-3325
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus
Quake 3 Engine (ioquake3) revision 810 and earlier allows remote
malicious servers to overwrite arbitrary write-protected cvars
variables on the client, such as cl_allowdownload for Automatic
Downloading and fs_homepath for the quake3 path, via a string of cvar
names and values sent from the server. NOTE: this can be combined with
another vulnerability to overwrite arbitrary files.

Luigi Auriemma q3cfilevar

from Thilo Schulz in ioquake3
svn 811 git 7d51d75b05a9593508040162709043516c0f2a17

- Fix arbitrary cvar overwrite flaw: http://aluigi.altervista.org/adv.htm

2013-05-07 22:18:55 +10:00

Jonathan Gray

039ef2cb4a

ditch dos style newlines

2013-04-23 15:21:39 +10:00

James Monroe

684d1bcb3b

Jedi Academy Release

2013-04-04 17:35:38 -05:00

3 commits