Published: 08/05/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9

VMScore: 765

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Subscribe to Wolfenstein Enemy Territory

Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote malicious users to execute arbitrary commands via a long remapShader command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
id software wolfenstein enemy territory 2.60
id software quake 3 engine 1.32b
id software return to castle wolfenstein 1.41
id software quake 3 arena 1.32b

Debian Bug report logs - #660834 tremulous: CVE-2006-3325 ("q3cfilevar-B") configuration overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:59:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in vers ...

Debian Bug report logs - #660832 tremulous: CVE-2006-3324 ("q3cfilevar-A") arbitrary file overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:58:41 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in ver ...

Debian Bug report logs - #660827 tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to arbitrary code execution Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:39:01 UTC Severity: grave Tags: security Found in version tremulous/1 ...

Debian Bug report logs - #660836 tremulous: CVE-2011-2764, CVE-2011-3012 DLL overwriting by malicious bytecode Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 09:06:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fix ...

Debian Bug report logs - #660831 tremulous-server: CVE-2006-2082 arbitrary file download from server Package: tremulous-server; Maintainer for tremulous-server is (unknown); Reported by: Simon McVittie <smcv@debianorg> Date: Wed, 22 Feb 2012 08:58:28 UTC Severity: grave Tags: security Found in version tremulous/110-41 ...

// remap_thisc - "R_RemapShader()" q3 engine 132b client remote bof exploit // by landser - landser at hotmailcoil // // this code works as a preloaded shared library on a game server, // it hooks two functions on the running server: // svc_directconnect() that is called when a client connects, // and sv_sendservercommand() which we use to send ...

NVD-CWE-Other http://www.securityfocus.com/bid/17857 http://secunia.com/advisories/19984 http://www.osvdb.org/25279 http://www.gentoo.org/security/en/glsa/glsa-200605-12.xml http://secunia.com/advisories/20065 http://www.vupen.com/english/advisories/2006/1676 https://exchange.xforce.ibmcloud.com/vulnerabilities/26264 https://www.exploit-db.com/exploits/1750 http://www.securityfocus.com/archive/1/433349/100/0/threaded https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660834 https://www.exploit-db.com/exploits/1750/

CVE-2006-2236

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect