| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Jun 2006 19:39:03 +0200 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com Subject: Re: Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...) A small correction: The cd-key stealing is not possible since the master server address is built-in in the client code. Sorry for this wrong info, I added it almost two weeks ago while taking note of the possible ways for exploitating these bugs and forgot to recheck this method. I have updated the proof-of-concept simply adding the cl_allowdownload cvar, so is no longer needed to enable "Automatic Downloading" on the client since any client with this option disabled or enabled will start to overwrite any file in the system decided by the server of the attacker which has full control over the client's cvars (those write protected too, just like fs_homepath). As already said the PoC is very very basic, relaunch the server or change map if you want to re-overwrite the same file on the same client (useless info, I tell you only in case you are not able to re-overwrite the same file during the same server session and don't know why). BYEZ --- Luigi Auriemma http://aluigi.org http://mirror.aluigi.org
Powered by blists - more mailing lists