[19228] in bugtraq
Re: Bug in Action Quake2 v1.52+vote
daemon@ATHENA.MIT.EDU (Daniel Chin)
Thu Feb 15 15:50:08 2001
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <PEEPIIEFLIBAGGMNDFHBAEBFCCAA.dschin@syr.edu>
Date: Wed, 14 Feb 2001 17:41:47 -0500
Reply-To: Daniel Chin <dschin@SYR.EDU>
From: Daniel Chin <dschin@SYR.EDU>
X-To: jordan@blue-ferret.com.au
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <01021417242801.03722@mrx.exploit.cx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
this bug is known about. unfortunately, the official AQ2 is no longer
under development, so it probably won't get patched officially.
(http://www.telefragged.net/action)
however, many US servers are running AQ:E/TE 4.3d, which fixes the $$
skin bug, and many others (such as weapon farming). for more
information, check out aqdt.fear.net (this is the version that the
OGL requires servers to run for AQ matches, so its not as if its a
very obscure sub-mod. :)) Consider trying to convince vulnerable
server operators to upgrade to this version.
below is a snippet of the AQ:E/TE changelog
- - Dan Chin
(or, in Action, [ST7]Lt.Hawkins ;)
AQDT Modified Action Quake - AQ: Espionage
::snip::
v4.3a
* Made $$ handling kindler and gentler
v4.3
* Made several cvars _not_ serverinfo (to fix "info string length
exceeded")
* Fixed $$ skin bug
::snip::
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
> Jordan T.
> Sent: Wednesday, February 14, 2001 4:22 AM
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: [BUGTRAQ] Bug in Action Quake2 v1.52+vote
>
>
> Bugtraq,
>
> A friend of mine has discovered a possible bug in Action Quake2
> teamplay v1.52+vote that allows any player to crash the server.
> he can be reached at deathboy99@hotmail.com.
> here are the details..
>
> connect to the server, hit the console key " ` " and type this:
> set skin "$$" (with the double quotes)
> goto multiplayer options, player options, and select allow
> downloading and make
> sure you allow skin downloading
> then reconnect to the server and the following should happen:
>
> ]set skin "$$"
> ]connect 203.166.224.43:27910
> Connecting to 203.166.224.43:27910...
> 203.166.224.43:27910: challenge
> 203.166.224.43:27910: client_connect
>
> The Crack Down
> Refusing to download a path with ..
> Refusing to download a path with ..
> Downloading players/$$/tris.md2
> Server fatal crashed: FS_Read: 0 bytes read
>
> I have confirmed this.
>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBOosJoFQE03pSB7UuEQI+3QCgttzie5IcMIYeZuGf7B942/lgRpgAn1Jp
9zx0FnuNb+h82qJlQhE86gBe
=fbuZ
-----END PGP SIGNATURE-----
