Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2017-6903 - log back

CVE-2017-6903 created at 25 Sep 2019 19:31:40

Severity

+

Critical

Remote

+

Remote

Type

+	Arbitrary code execution

Description

+	The current version of ioquake3 (and its forks) receive arbitrary files from server and load them in the context of the ioq3 client. If a malicious attacker ships an arbitrary .so/openAL driver file, it will be loaded by the client process, resulting in arbitrary code execution

References

+	https://github.com/Barbatos/ioq3-for-UrbanTerror-4/issues/71
+	https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
+	https://github.com/Barbatos/ioq3-for-UrbanTerror-4/pull/73

Notes