NVD Vulnerability Detail

CVE-2006-3324

Summary	The Automatic Downloading option in the id3 Quake 3 Engine and the Icculus Quake 3 Engine (ioquake3) before revision 804 allows remote attackers to overwrite arbitrary files in the quake3 directory (fs_homepath cvar) via a long string of filenames, as contained in the neededpaks buffer.
Publication Date	July 1, 2006, 8:05 a.m.
Registration Date	Jan. 29, 2021, 3:40 p.m.
Last Update	Oct. 19, 2018, 1:46 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:id_software:quake_3_engine::::::::
cpe:2.3:a:id_software:quake_3_engine:1.32b:::::::*
cpe:2.3:a:id_software:quake_3_engine:1.32c:::::::*
cpe:2.3:a:id_software:quake_3_engine:icculus_803:::::::*
cpe:2.3:a:id_software:quake_3_engine:icculus_804:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://aluigi.altervista.org/adv/q3cfilevar-adv.txt	MISC	Exploit
2	http://secunia.com/advisories/20401	SECUNIA	Vendor Advisory
3	http://secunia.com/advisories/20851	SECUNIA	Vendor Advisory
4	http://securityreason.com/securityalert/1171	SREASON
5	http://svn.icculus.org/quake3?rev=804&view=rev	CONFIRM
6	http://www.securityfocus.com/archive/1/438515/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/archive/1/438660/100/0/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/18685	BID	Exploit
9	http://www.vupen.com/english/advisories/2006/2569	VUPEN
10	https://exchange.xforce.ibmcloud.com/vulnerabilities/27486	XF

Common Vulnerabilities List

JVN Vulnerability Information

id software の quake 3 engine における脆弱性

Title	id software の quake 3 engine における脆弱性
Summary	id software の quake 3 engine には、不特定の脆弱性が存在します。
Possible impacts	情報を改ざんされる可能性があります。
Solution	ベンダアドバイザリまたはパッチ情報が公開されています。参考情報を参照して適切な対策を実施してください。
Publication Date	June 30, 2006, midnight
Registration Date	Sept. 6, 2024, 5:06 p.m.
Last Update	Sept. 6, 2024, 5:06 p.m.

Affected System

id software

quake 3 engine

quake 3 engine 1.32b

quake 3 engine 1.32c

quake 3 engine icculus 803

quake 3 engine icculus 804

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-3324	https://www.cve.org/CVERecord?id=CVE-2006-3324
National Vulnerability Database (NVD)
2	CVE-2006-3324	https://nvd.nist.gov/vuln/detail/CVE-2006-3324

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-Other	https://www.ipa.go.jp/security/vuln/scap/cwe.html

その他

No	Name	URL
関連文書
1	aluigi.altervista.org (q3cfilevar-adv.txt)	http://aluigi.altervista.org/adv/q3cfilevar-adv.txt
2	exchange.xforce.ibmcloud.com (vulnerabilities/27486)	https://exchange.xforce.ibmcloud.com/vulnerabilities/27486
3	secunia.com (advisories/20401)	http://secunia.com/advisories/20401
4	secunia.com (advisories/20851)	http://secunia.com/advisories/20851
5	securityreason.com (securityalert/1171)	http://securityreason.com/securityalert/1171
6	svn.icculus.org (quake3?rev=804&view=rev)	http://svn.icculus.org/quake3?rev=804&view=rev
7	www.securityfocus.com (bid/18685)	http://www.securityfocus.com/bid/18685
8	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/438515/100/0/threaded
9	www.securityfocus.com (threaded)	http://www.securityfocus.com/archive/1/438660/100/0/threaded
10	www.vupen.com (advisories/2006/2569)	http://www.vupen.com/english/advisories/2006/2569

Change Log

No	Changed Details	Date of change
1	[2024年09月06日] 掲載	Sept. 6, 2024, 5:06 p.m.