|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200605-12] Quake 3 engine based games: Buffer Overflow Vulnerability Scan
Vulnerability Scan Summary Quake 3 engine based games: Buffer Overflow
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200605-12
(Quake 3 engine based games: Buffer Overflow)
landser discovered a vulnerability within the "remapShader"
command. Due to a boundary handling error in "remapShader", there is a
possibility of a buffer overflow.
Impact
A possible hacker could set up a malicious game server and entice users
to connect to it, potentially resulting in the execution of arbitrary
code with the rights of the game user.
Workaround
Do not connect to untrusted game servers.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2236
Solution:
All Quake 3 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/quake3-bin-1.32c"
All RTCW users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/rtcw-1.41b"
All Enemy Territory users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=games-fps/enemy-territory-2.60b"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|