FreeBSD : id Tech 3 -- remote code execution vulnerability (e48355d7-1548-11e7-8611-0090f5f2f347)

High Nessus Plugin ID 99259


The remote FreeBSD host is missing one or more security-related updates.


The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 99259

File Name: freebsd_pkg_e48355d7154811e786110090f5f2f347.nasl

Version: $Revision: 3.2 $

Type: local

Published: 2017/04/10

Modified: 2018/01/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C


Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:ioquake3, p-cpe:/a:freebsd:freebsd:ioquake3-devel, p-cpe:/a:freebsd:freebsd:iourbanterror, p-cpe:/a:freebsd:freebsd:openarena, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/04/07

Vulnerability Publication Date: 2017/03/14

Reference Information

CVE: CVE-2017-6903