| ID |
CVE-2006-3325
|
| Summary |
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_805:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_805:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_806:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_806:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_807:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_807:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_808:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_808:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_809:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_809:*:*:*:*:*:*:*
-
cpe:2.3:a:id_software:quake_3_engine:icculus_810:*:*:*:*:*:*:*
cpe:2.3:a:id_software:quake_3_engine:icculus_810:*:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.0 (as of 18-10-2018 - 16:46) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| refmap
via4
|
| bid | 18685 | | bugtraq | - 20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)
- 20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)
| | misc | http://aluigi.altervista.org/adv/q3cfilevar-adv.txt | | secunia | | | sreason | 1171 | | vupen | ADV-2006-2569 | | xf | - quake3-clparsedownload-bo(26889)
- quake3-cvar-file-overwrite(27486)
|
|
| Last major update |
18-10-2018 - 16:46 |
| Published |
30-06-2006 - 23:05 |
| Last modified |
18-10-2018 - 16:46 |
