quake 3 directory traversal exploit

rewtamus · **Joined:** 19 Nov 2007 02:40 **Posts:** 8

Quote:

An input validation error exists within the processing of ".pk3" file download requests from a client. This can be to download arbitrary files accessible to the server process via directory traversal attacks.

The vulnerability has been reported in the following software:
* Quake III Arena / Team Arena
* Return to Castle Wolfenstein
* Wolfenstein: Enemy Territory
* Star Trek Voyager: Elite Force

Other versions may also be affected.

Solution:
Update to the fixed versions.
http://www.idsoftware.com/

Quake III Arena:
Update to version 1.32c.

Return to Castle Wolfenstein:
Update to version 1.41b.

Wolfenstein: Enemy Territory:
Update to version 2.60b.

link:
http://www.frsirt.com/english/advisories/2006/1676

Aloha Luigi,

I was wondering if you had any input on how to patch the exploit they are talking about. sv_allowdownload was set to "0" and it seems someone has still hacked my JK2 server. I have been reading your advisories for a few years and appreciate the work you are doing. I already patched a few things, even hex-edited .vsay and .vsay_team to patch the overflow exploit. are you also aware of the JKVSTR exploit? and the "/seta forcepower" exploit? It has been hard trying to fix all these problems, but I love this game so i endure. Thank you for all your help.

aluigi · **Posted:** 03 Apr 2008 12:44

if you have a windows server you can try my patch for the q3dirtrav bug:

http://aluigi.org/patches.htm#quake3

The other bugs you list seems game related so the only way to "work-around" them is through the modification of the game dll contained in the pk3 files, anyway I don't have more detailed info or alternative solutions about it.

Luigi Auriemma

quake 3 directory traversal exploit