GLSA-200605-12 : Quake 3 engine based games: Buffer Overflow

This script is Copyright (C) 2006-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200605-12
(Quake 3 engine based games: Buffer Overflow).

landser discovered a vulnerability within the 'remapShader'
command. Due to a boundary handling error in 'remapShader', there is a
possibility of a buffer overflow.

Impact :

An attacker could set up a malicious game server and entice users
to connect to it, potentially resulting in the execution of arbitrary
code with the rights of the game user.

Workaround :

Do not connect to untrusted game servers.

See also :

http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml

Solution :

All Quake 3 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=games-fps/quake3-bin-1.32c'

All RTCW users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=games-fps/rtcw-1.41b'

All Enemy Territory users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose '>=games-fps/enemy-territory-2.60b'

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 21354 (gentoo_GLSA-200605-12.nasl)

Bugtraq ID:

CVE ID: CVE-2006-2236