AW: Response from Activision re: RTCW?

[vogt () hansenet com]

> 1.)  I'm assuming this is poor business practice to recommend 
> I go to fan
> sites to research something as critical as security issues?

given that RTCW is one of the more popular right now games, they're probably
drowning in email in handling it through a frontoffice (callcenter), so it's
very likely that the agent handling your mail simply didn't understand the
issue.

> 2.) Are there known RTCW exploits?  I haven't been able to find any
> information on this.

no out-of-the-box things. but it's a modified Q3 engine and Q3 has had a few
exploits, so I would guess that they'll eventually appear.

I recommend heavily to run servers of this kind under a unique user with
minimal rights.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com