CVE-1999-1502 - Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands v

CVE-1999-1502

Summary

Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.

References

http://marc.info/?l=bugtraq&m=89205623028934&w=2
http://www.securityfocus.com/bid/68
http://www.securityfocus.com/bid/69

Vulnerable Configurations

cpe:2.3:a:id_software:quake:1.9:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake:1.9:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:05)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	68 69
bugtraq	19980408 QuakeI client: serious holes.

Last major update

18-10-2016 - 02:05

Published

08-04-1998 - 04:00

Last modified

18-10-2016 - 02:05