CVE-2006-3325

Published: 30/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 510
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and previous versions allows remote malicious servers to overwrite arbitrary write-protected cvars on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.

Vulnerable Product

id software quake 3 engine icculus_804

id software quake 3 engine icculus_805

id software quake 3 engine 1.32c

id software quake 3 engine icculus_803

id software quake 3 engine icculus_810

id software quake 3 engine

id software quake 3 engine 1.32b

id software quake 3 engine icculus_808

id software quake 3 engine icculus_809

id software quake 3 engine icculus_806

id software quake 3 engine icculus_807

Vendor Advisories

Debian Bug report logs - #660834 tremulous: CVE-2006-3325 ("q3cfilevar-B") configuration overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org> Date: Wed, 22 Feb 2012 08:59:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in vers ...
Debian Bug report logs - #660832 tremulous: CVE-2006-3324 ("q3cfilevar-A") arbitrary file overwriting Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org> Date: Wed, 22 Feb 2012 08:58:41 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fixed in ver ...
Debian Bug report logs - #660827 tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to arbitrary code execution Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org> Date: Wed, 22 Feb 2012 08:39:01 UTC Severity: grave Tags: security Found in version tremulous/1 ...
Debian Bug report logs - #660836 tremulous: CVE-2011-2764, CVE-2011-3012 DLL overwriting by malicious bytecode Package: tremulous; Maintainer for tremulous is (unknown); Reported by: Simon McVittie <smcv@debian.org> Date: Wed, 22 Feb 2012 09:06:13 UTC Severity: grave Tags: security Found in version tremulous/110-41 Fix ...
Debian Bug report logs - #660831 tremulous-server: CVE-2006-2082 arbitrary file download from server Package: tremulous-server; Maintainer for tremulous-server is (unknown); Reported by: Simon McVittie <smcv@debian.org> Date: Wed, 22 Feb 2012 08:58:28 UTC Severity: grave Tags: security Found in version tremulous/110-41 ...

Exploits

/* Quake 3 Engine Client CG_ServerCommand() Remote Stack Overflow Exploit (Win32) Written by RunningBon E-Mail: runningbon@gmailcom IRC: ircrizonnet #kik This is a DLL, which gets injected into the server exe You will need Microsoft Detours library to compile this exploit (researchmicrosoftcom/sn/detours/) Use this responsibly You ...
/* Quake 3 Engine Client CS_ITEMS Remote Stack Overflow Exploit (Win32) Written by RunningBon E-Mail: runningbon@gmailcom IRC: ircrizonnet #kik This is a DLL, which gets injected into the server exe You will need Microsoft Detours library to compile this exploit (researchmicrosoftcom/sn/detours/) I recommend you compile this with Mi ...