Quake 3 Has Remote-Execution Exploit...

Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Quake 3 Has Remote-Execution Exploit...

Post by Einhander Sn0m4n »

0uch...
May 5, 2006 - Today, on milw0rm.com, a hacker nicknamed Landser has released a hack that exploits a serious leak in games based on the Quake 3 Engine. It grants hackers full access to take over your computer.

Technically, the leak creates an unsuspicious "boundary error" when sending malformed messages from the gameserver to a client during the remapShader process. Once a buffer overflow occurs, the computer is fully exposed to any type of activities.

Gamers are only at risk if they connect to a gameserver operated by someone with foul intentions.

Games that are currently at risk are RtCW, Quake III Arena and Enemy Territory.

So far, no official reaction has been made by id software to close this leak. It is unsure how long this leak was known to hackers and the game developer.
Posted by Cash

HUMILIATION!!
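
The boundary error described in the quoted report comes down to a client copying server-supplied strings without checking them against the destination buffer. The C code below is an added example, not part of the original post and not code from the Quake 3 engine; `remap_entry`, `copy_bounded`, `handle_remap` and the 64-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define NAME_BUF 64 /* assumed buffer size, not taken from the engine */
/* Hypothetical client-side record of one server-requested shader remap. */
typedef struct {
    char old_name[NAME_BUF];
    char new_name[NAME_BUF];
} remap_entry;

/* Copy src only if it fits with its terminator; reject, never truncate. */
static int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == dst_size) /* no terminator within dst_size bytes */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Handle one remap request whose strings come from the server.
 * The unsafe pattern is strcpy(out->old_name, old_name): the sender, not
 * the client, decides how many bytes are written. 0 = ok, -1 = rejected. */
int handle_remap(remap_entry *out, const char *old_name, const char *new_name)
{
    remap_entry tmp = {{0}, {0}};
    if (out == NULL)
        return -1;
    memset(out, 0, sizeof *out); /* leave *out zeroed on any failure */
    if (copy_bounded(tmp.old_name, sizeof tmp.old_name, old_name) != 0 ||
        copy_bounded(tmp.new_name, sizeof tmp.new_name, new_name) != 0 ||
        tmp.old_name[0] == '\0' || tmp.new_name[0] == '\0')
        return -1;
    *out = tmp;
    return 0;
}

int main(void)
{
    remap_entry e;
    char big[300]; /* constructed over-long field */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("%d %d\n", handle_remap(&e, "a", "b"), handle_remap(&e, big, "b"));
    return 0;
}
```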
Lord Revan
Emperor's Hand
Posts: 12238
Joined: 2004-05-20 02:23pm
Location: Zone:classified

Post by Lord Revan »

What's RtCW? Don't have the other two, just want to make sure if I got the 3rd.
I may be an idiot, but I'm a tolerated idiot
"I think you completely missed the point of sigs. They're supposed to be completely homegrown in the fertile hydroponics lab of your mind, dried in your closet, rolled, and smoked...
Oh wait, that's marijuana..." Einhander Sn0m4n
BloodAngel
Padawan Learner
Posts: 356
Joined: 2005-05-25 10:47pm
Location: DON'T GET TOO CLOSE OR ELSE!!!

Post by BloodAngel »

Return to Castle Wolfenstein.

I never liked Quake 3, but damn, just playing it can cause someone to break into your computer? Quake 3 having this kind of power in the first place (besides hardware access) is a mystery in itself.
Blood Angel, the Hidden Name of Who You Know.

Zadius: "Done. I get turned on by shit. Nothin' else. 8)"
Durandal
Bile-Driven Hate Machine
Posts: 17927
Joined: 2002-07-03 06:26pm
Location: Silicon Valley, CA

Post by Durandal »

I'm guessing that the privilege escalation only affects Windows users. On Linux and OS X, Quake 3 doesn't run with root privileges.
Damien Sorresso

"Ever see what them computa bitchez do to numbas? It ain't natural. Numbas ain't supposed to be code, they supposed to quantify shit."
- The Onion
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

I'm also wondering if Star Trek Elite Force is affected as well?

BloodAngel wrote: Return to Castle Wolfenstein.

I never liked Quake 3, but damn, just playing it can cause someone to break into your computer? Quake 3 having this kind of power in the first place (besides hardware access) is a mystery in itself.

Quake 3 was ok, but I didn't much like the extremely anemic 'single-player'. As for the hack, only connection to a server 0wned by bad guys will do this.

Durandal wrote: I'm guessing that the privilege escalation only affects Windows users. On Linux and OS X, Quake 3 doesn't run with root privileges.

And Durandal wins the Yiddish Cup! It really sucks about this bug; now that Q3 is Open-Source, hopefully someone will iron it out soon.