jedi-academy/codemp
Jonathan Gray 8550620849 CVE-2006-3325 arbitrary cvar overwrite
CVE-2006-3325
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus
Quake 3 Engine (ioquake3) revision 810 and earlier allows remote
malicious servers to overwrite arbitrary write-protected cvars
variables on the client, such as cl_allowdownload for Automatic
Downloading and fs_homepath for the quake3 path, via a string of cvar
names and values sent from the server. NOTE: this can be combined with
another vulnerability to overwrite arbitrary files.

Luigi Auriemma q3cfilevar

from Thilo Schulz in ioquake3
svn 811 git 7d51d75b05a9593508040162709043516c0f2a17

- Fix arbitrary cvar overwrite flaw: http://aluigi.altervista.org/adv.htm
2013-05-07 22:18:55 +10:00
botlib vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
cgame CVE-2005-0984 Buffer overflow in the G_Printf function 2013-05-07 22:18:45 +10:00
client CVE-2006-3325 arbitrary cvar overwrite 2013-05-07 22:18:55 +10:00
encryption ditch dos style newlines 2013-04-23 15:21:39 +10:00
ff ditch dos style newlines 2013-04-23 15:21:39 +10:00
game CVE-2006-3325 arbitrary cvar overwrite 2013-05-07 22:18:55 +10:00
ghoul2 avoid scoped enums which was until very recently a microsoft extension 2013-04-25 23:51:57 +10:00
goblib ditch dos style newlines 2013-04-23 15:21:39 +10:00
icarus vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
jpeg-6 fix #includes to compile on non windows without pch 2013-04-25 23:51:46 +10:00
mp3code rename some files to restore the correct case 2013-04-26 22:27:19 +10:00
null vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
png ditch dos style newlines 2013-04-23 15:21:39 +10:00
qcommon CVE-2006-3325 arbitrary cvar overwrite 2013-05-07 22:18:55 +10:00
Ratl remove surplus tokens after preprocessor directives 2013-05-02 13:47:50 +10:00
Ravl fix some accesses beyond the end of arrays spotted via clang 2013-04-26 22:27:24 +10:00
renderer CVE-2006-2236 Buffer overflow in the Quake 3 Engine 2013-05-07 22:18:45 +10:00
RMG strupr -> Q_strupr 2013-04-26 22:27:21 +10:00
sdl const fixes 2013-05-02 13:47:51 +10:00
server vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
smartheap remove some binary libraries 2013-04-23 15:30:43 +10:00
Splines vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
strings ditch dos style newlines 2013-04-23 15:21:39 +10:00
ui vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
unix vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
win32 vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
x_botlib Deleted all the Visual SourceSafe files. 2013-04-06 20:59:34 -04:00
x_exe Deleted all the Visual SourceSafe files. 2013-04-06 20:59:34 -04:00
x_jk2cgame Deleted all the Visual SourceSafe files. 2013-04-06 20:59:34 -04:00
x_jk2game Deleted all the Visual SourceSafe files. 2013-04-06 20:59:34 -04:00
x_ui Deleted all the Visual SourceSafe files. 2013-04-06 20:59:34 -04:00
zlib32 provide a gcc style alternative to the inline asm in zlib 2013-04-26 22:27:20 +10:00
buildvms.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
cleanvms.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
CMakeLists.txt disable some noisy and mostly harmless warnings 2013-05-02 13:47:51 +10:00
CommandLine.txt Jedi Academy Release 2013-04-04 17:35:38 -05:00
install.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
installvms.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
jk2mp.vcproj Jedi Academy Release 2013-04-04 17:35:38 -05:00
JKA_mp.sln Jedi Academy Release 2013-04-04 17:35:38 -05:00
namespace_begin.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
namespace_end.h remove surplus tokens after preprocessor directives 2013-05-02 13:47:50 +10:00
tonet.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
tosend.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
update_MPents.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
VU.bat Jedi Academy Release 2013-04-04 17:35:38 -05:00
WinDed.dsp Jedi Academy Release 2013-04-04 17:35:38 -05:00
WinDed.vcproj Jedi Academy Patch 1.01 2013-04-04 18:21:13 -05:00