Vulnerability Name:

CVE-2006-3324 (CCN-27486)

Assigned: 2006-06-27
Published: 2006-06-27
Updated: 2018-10-18
Summary: The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: File Manipulation
References:
Source: CCN
Type: Luigi Auriemma Advisory 27 Jun 2006
Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

Source: MISC
Type: Exploit
http://aluigi.altervista.org/adv/q3cfilevar-adv.txt

Source: MITRE
Type: CNA
CVE-2006-3324

Source: CCN
Type: SA20401
Quake3 Engine File Overwrite And Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20401

Source: CCN
Type: SA20851
Icculus.org Quake3 Engine Two Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
20851

Source: SREASON
Type: UNKNOWN
1171

Source: CCN
Type: quake3 CVS Repository
icculus.org Subversion Repositories - revision - quake3

Source: CONFIRM
Type: UNKNOWN
http://svn.icculus.org/quake3?rev=804&view=rev

Source: CCN
Type: OSVDB ID: 26928
Multiple Vendor Quake 3 Engine Automatic Downloading Option Arbitrary File Overwrite

Source: BUGTRAQ
Type: UNKNOWN
20060627 Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

Source: BUGTRAQ
Type: UNKNOWN
20060628 Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...)

Source: BID
Type: Exploit
18685

Source: CCN
Type: BID-18685
Quake 3 Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2006-2569

Source: XF
Type: UNKNOWN
quake3-cvar-file-overwrite(27486)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:id_software:quake_3_engine:*:*:*:*:*:*:*:*
  • OR cpe:/a:id_software:quake_3_engine:1.32b:*:*:*:*:*:*:*
  • OR cpe:/a:id_software:quake_3_engine:1.32c:*:*:*:*:*:*:*
  • OR cpe:/a:id_software:quake_3_engine:icculus_803:*:*:*:*:*:*:*
  • OR cpe:/a:id_software:quake_3_engine:icculus_804:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    id_software quake 3 engine *
    id_software quake 3 engine 1.32b
    id_software quake 3 engine 1.32c
    id_software quake 3 engine icculus_803
    id_software quake 3 engine icculus_804