This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200407-14
(Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries)
The Unreal-based game servers support a specific type of query called
'secure'. Part of the Gamespy protocol, this query is used to ask if the
game server is able to calculate an exact response using a provided string.
Luigi Auriemma found that sending a long 'secure' query triggers a buffer
overflow in the game server.
By sending a malicious UDP-based 'secure' query, an attacker could execute
arbitrary code on the game server.
Users can avoid this vulnerability by not using Unreal Tournament to host
games as a server. All users running a server should upgrade to the latest
See also :
All Unreal Tournament users should upgrade to the latest available
# emerge sync
# emerge -pv '>=games-fps/ut2003-2225-r3'
# emerge '>=games-fps/ut2003-2225-r3'
# emerge -pv '>=games-server/ut2003-ded-2225-r2'
# emerge '>=games-server/ut2003-ded-2225-r2'
# emerge -pv '>=games-fps/ut2004-3236'
# emerge '>=games-fps/ut2004-3236'
# emerge -pv '>=games-fps/ut2004-demo-3120-r4'
# emerge '>=games-fps/ut2004-demo-3120-r4'
Risk factor :
Critical / CVSS Base Score : 10.0
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14547 (gentoo_GLSA-200407-14.nasl)
CVE ID: CVE-2004-0608
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.