RSS   Vulnerabilities for 'Quake ii server'   RSS

2004-12-31
 
CVE-2004-2597

 

 
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.

 
 
CVE-2004-2596

 

 
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.

 
 
CVE-2004-2593

 

 
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.

 
 
CVE-2004-2592

 

 
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.

 

 >>> Vendor: Id software 15 Products
Quake 2 server
Quake 2
Quake
Quakeworld
Quake 3 arena
Quake 2i server
Quake ii server
Quake ii server windows
Quake ii server linux
Quake 3 engine
Return to castle wolfenstein
Quake 3 arena server
Wolfenstein enemy territory
Doom 3
Quake 4


Copyright 2024, cxsecurity.com

 

Back to Top