May 21st, 2002, 02:09 AM
Vulnerability: id Software Quake II Server Remote Information Disclosure
A vulnerability has been reported in some versions of the Quake II server.
While variable expansion is normally performed on the client side, a modified client may pass unexpanded variables such as $rcon_password to the server. The server will expand these variables within it's local context, potentially leaking sensitive information to the remote attacker.
Exploit: Redix has contributed exploit details:
you must modify your q2 client, that the client will not replace the $... variables in says
change the line
Cmd_TokenizeString (text, true);
Cmd_TokenizeString( text, false);
May 21st, 2002, 02:31 AM
pretty cool how people figure these things out
\"Drastic times call for drastic measures.\"
May 21st, 2002, 04:40 AM
Games are an often overlooked security risk. Although itís mostly limited to crashing you computer or dropping you form the server but still something to be mindful of.
Its not software piracy. Iím just making multiple off site backups.