[Am-info] id Software Quake II Server Remote Information Disclosure Vulnerability
Fred A. Miller
fm@cupserv.org
Tue, 21 May 2002 14:19:01 -0400
id Software Quake II Server Remote Information Disclosure Vulnerability
BugTraq ID: 4744
Remote: Yes
Date Published: May 15 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4744
Summary:
Quake II is a multiplayer game released by id Software. The source code
has been made publicly available, and versions are available for Windows
and Linux. A vulnerability has been reported in some versions of the Quake
II server.
Quake II allows variable expansion in commands. For example, the
$rcon_password variable will be automatically expanded to the system
password. Under normal usage, these variables are expanded on the client
side before being transmitted to the server.
However, it has been reported that a modified or artificially constructed
client may fail to expand this variable. When the server then processes
the command, it will expand the variable within its local context. As a
result, a number of system parameters may be disclosed to a remote
attacker, including the server password.
An attacker may exploit this vulnerability to gain administrative rights
to the vulnerable server.
-- 
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org
--- SuSE Linux v8.0 Pro---
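The server-side expansion described in the advisory, modelled as an added example (not id Software's code and not part of the original message). The handler name process_client_text, the variable table and all of its values are hypothetical; with expand set the server substitutes $rcon_password from its own table, and with it cleared the client's text is treated as plain data.

```c
#include <ctype.h>
#include <string.h>

/* Constructed server variable table: every value here is made up. */
static const struct { const char *name, *value; } server_vars[] = {
    { "rcon_password", "s3rver-secret" },
    { "hostname",      "demo-server"   },
};

static const char *var_lookup(const char *name, size_t len) {
    for (size_t i = 0; i < sizeof server_vars / sizeof *server_vars; i++)
        if (strlen(server_vars[i].name) == len &&
            strncmp(server_vars[i].name, name, len) == 0)
            return server_vars[i].value;
    return "";  /* unknown variables expand to nothing */
}

/* Hypothetical handler for text received from a client. With expand != 0 it
   substitutes $name from the server's own table (the flaw described above);
   with expand == 0 it treats '$' as ordinary data (the hardened behaviour).
   Returns 0 on success, -1 if the output buffer is too small. */
static int process_client_text(const char *in, char *out, size_t cap, int expand) {
    size_t o = 0;
    if (cap == 0) return -1;
    while (*in) {
        if (expand && *in == '$') {
            const char *start = ++in;
            while (isalnum((unsigned char)*in) || *in == '_') in++;
            const char *val = var_lookup(start, (size_t)(in - start));
            size_t n = strlen(val);
            if (o + n >= cap) return -1;
            memcpy(out + o, val, n);
            o += n;
        } else {
            if (o + 1 >= cap) return -1;
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
    return 0;
}

/* 1 if the processed text would carry the constructed secret, else 0. */
int leaks_secret(const char *client_text, int expand) {
    char buf[256];
    if (process_client_text(client_text, buf, sizeof buf, expand) != 0) return 0;
    return strstr(buf, "s3rver-secret") != NULL;
}
```

Any text the server later echoes, logs or acts on inherits whatever was substituted, so client input should never pass through the expanding path.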