Urban Terror Forums: [SECURITY] Arbitrary code execution in recent clients - Urban Terror Forums

Jump to content

 Login | Register 
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

[SECURITY] Arbitrary code execution in recent clients Rate Topic: -----

#1 User is offline   undead Icon

  • Account: undead
  • Joined: 06-June 10
  • Posts: 199

Posted 07 August 2011 - 01:40 AM

I made a post in the general topic forum but since this affects Unix clients in particular, I'm posting here too.

There was an arbitrary remote code execution exploit in recent ioquake3 Unix clients from SVN r1773 through r2096. If you use a client based off of that source code, you should upgrade. It appears that mitsubishi's client is vulnerable since it is based off of r1807 although I'm not sure what exactly he used. It's just a diff which may or may not have been used to generate the executable.

ioUrT is too old to be vulnerable to this exploit. Either go back to ioUrbanTerror, update mitsu's client to the latest code, or compile a new client based on the latest ioquake3 code.

Other games like World of Padman made a hotfix release for Linux clients. Again, this isn't necessary for ioUrT since it is too old to contain the vulnerable code.

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

bullet_disabledSponsored link

Copyright © 1999-2019 Frozensand Games Limited  |  All rights reserved  |  Urban Terror™ and FrozenSand™ are trademarks of Frozensand Games Limited

Frozensand Games is a Limited company registered in England and Wales. Company Reg No: 10343942