Information Security News mailing list archives
Quake III flaw could frag your computer
From: William Knowles <wk () C4I ORG>
Date: Mon, 8 May 2000 00:06:51 -0500
http://www.zdnet.com/zdnn/stories/news/0,4586,2561554,00.html By Rob Lemos, ZDNN May 3, 2000 5:34 PM PT Game developer Id Software Inc. announced on Wednesday that its flagship first-person shooter has a security flaw that could leave Quake III players' computers open to attack while they play. "The basic nature of the exploit is that malicious server operators could overwrite any file on a client system," wrote Robert Duffy, a programmer at Id Software, in his .plan file on Wednesday. The flaw was found last week by network security firm Internet Security Systems Inc. and could allow an attacker running a Quake III server to read and write to any player's computer connecting that server. Internet Security Systems waited until Id Software could issue a patch before sending out an alert to users and the press. "This vulnerability is important to network administrators who may be unaware that users are accessing potentially malicious Quake3Arena servers outside their network," wrote Internet Security Systems in the alert. Id Software fixed the flaw in its latest patch release, Version 1.17, released on Wednesday. To force users to move over to the secured Quake III client, Id Software has made Version 1.17 of the game incompatible with earlier -- and insecure -- versions. *-------------------------------------------------* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen. Alfred. M. Gray, USMC --------------------------------------------------- C4I Secure Solutions http://www.c4i.org *-------------------------------------------------* ISN is sponsored by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Quake III flaw could frag your computer William Knowles (May 08)