Bug#660827: tremulous: CVE-2006-2236 ("the remapShader exploit") can lead to arbitrary code execution

Simon McVittie smcv at debian.org
Wed Feb 22 08:36:38 UTC 2012


Package: tremulous
Version: 1.1.0-4.1
Severity: grave
Tags: security
Justification: user security hole

CVE-2006-2236 is a buffer overflow in the Quake 3 engine, originally
discovered by "landser". Due to missing bounds-checking in COM_StripExtension,
as used by the "remapShader" command, a malicious server can cause clients
connecting to it to execute arbitrary code.

Tremulous is based on a fork of that engine, and version 1.1.0 as shipped
in Debian has the same vulnerability.

The de facto upstream for the Quake 3 engine is ioquake3, in which this
vulnerability was fixed in r765. Debian's ioquake3 package is not vulnerable.





More information about the Pkg-games-devel mailing list