I made a post in the general topic forum but since this affects Unix clients in particular, I'm posting here too.
There was an arbitrary remote code execution exploit in recent ioquake3 Unix clients from SVN r1773 through r2096. If you use a client based off of that source code, you should upgrade. It appears that mitsubishi's client is vulnerable since it is based off of r1807 although I'm not sure what exactly he used. It's just a diff which may or may not have been used to generate the executable.
ioUrT is too old to be vulnerable to this exploit. Either go back to ioUrbanTerror, update mitsu's client to the latest code, or compile a new client based on the latest ioquake3 code.
Other games like World of Padman made a hotfix release for Linux clients. Again, this isn't necessary for ioUrT since it is too old to contain the vulnerable code.
Advertisement
Page 1 of 1
[SECURITY] Arbitrary code execution in recent clients
Page 1 of 1
1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users
Advertisement