Computer Security
[EN] securityvulns.ru no-pyccku


Quake 3 / ioquake3 traffic amplification vulnerability
Published:02.04.2012
Source:
SecurityVulns ID:12307
Type:library
Threat Level:
5/10
Description:Source of getstatus UDP message is not checked.
Affected:IOQUAKE : ioquake3 1.36
 OPENARENA : OpenArena 0.8
 WORLDOFPADMAN : World of Padman 1.5
 WORLDOFPADMAN : Tremulous 1.1
CVE:CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.)
Original documentdocumentSimon McVittie, Traffic amplification via Quake 3-based servers (02.04.2012)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod