FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

id Tech 3 -- remote code execution vulnerability

Affected packages
ioquake3 < 1.36_16
ioquake3-devel < g2930
iourbanterror < 4.3.2,1
openarena < 0.8.8.s1910_3,1

Details

VuXML ID e48355d7-1548-11e7-8611-0090f5f2f347
Discovery 2017-03-14
Entry 2017-04-07

The content auto-download of id Tech 3 can be used to deliver maliciously crafted content, that triggers downloading of further content and loading and executing it as native code with user credentials. This affects ioquake3, ioUrbanTerror, OpenArena, the original Quake 3 Arena and other forks.

References

CVE Name CVE-2017-6903
URL https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.