Exploitable ET-bug
•
6 May 2006, 12:19
•
Journals
lo :)
As heise online (www.heise.de/newsticker/meldung/72780 - german) reports, an exploitable bug (buffer overflow) has been found in the quake3-engine. Futher, a proof-of-concept exploit has been developped demonstrating the possibility to run arbitrary code on the client.
This exploit is triggered by a client connecting to a prepared gameserver and opens a remote shell on the client listening at port 27960. At the moment the exploit only targets linux systems, but a windows version is only a matter of time and someone coding it, so watch out to what servers u connect to.
all versions of ET are vulnerable
As heise online (www.heise.de/newsticker/meldung/72780 - german) reports, an exploitable bug (buffer overflow) has been found in the quake3-engine. Futher, a proof-of-concept exploit has been developped demonstrating the possibility to run arbitrary code on the client.
This exploit is triggered by a client connecting to a prepared gameserver and opens a remote shell on the client listening at port 27960. At the moment the exploit only targets linux systems, but a windows version is only a matter of time and someone coding it, so watch out to what servers u connect to.
all versions of ET are vulnerable
0
