VulDB: Id Software Quake 3 Engine UDP Request Parser getstatus denial of service
General
scipID: 4974
Affected: Id Software Quake 3 Engine
Published: 01/03/2010
Risk: 
problematic
Entry: 81.1% complete
Created: 04/02/2012
Updated: 09/03/2012
Summary
A vulnerability classified as problematic has been found in Id Software Quake 3 Engine. Affected is the function getstatus of the component UDP Request Parser. The manipulation with an unknown input leads to a denial of service vulnerability. This is going to have an impact on availability.
The weakness was shared 01/03/2010. The advisory is shared for download at icculus.org. This vulnerability is traded as CVE-2010-5077 since 12/19/2011. It is possible to launch the attack remotely. Technical details are known, but there is no available exploit.
The vulnerability scanner Nessus provides a plugin with the ID 58786 (Fedora 16 2012-5434), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks and running in the context local.
A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the vulnerability database at OSVDB (80644).CVSS
Base Score: 6.3 (CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:C) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Denial of service
Local: No
Remote: Yes
Availability: No
Nessus ID: 58786
Nessus Name: Fedora 16 2012-5434
Nessus Family: Fedora Local Security Checks
Nessus Context: local
Countermeasures
Recommended: no mitigation known
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Timeline
01/03/2010 | Advisory disclosed
01/03/2010 | Countermeasure disclosed
12/19/2011 | CVE assigned
03/29/2012 | OSVDB entry created
04/02/2012 | VulDB entry created
04/19/2012 | Nessus plugin released
09/03/2012 | VulDB entry updated
Sources
Advisory: icculus.org
OSVDB: 80644
CVE: CVE-2010-5077 (mitre.org) (nist.org) (cvedetails.com)
- Latest Entries
- Apple QuickTime DREF Atom Handler buffer overflow [CVE-2013-1017]
- Apple QuickTime H.264 Handler buffer overflow [CVE-2013-1018]
- Apple QuickTime MP3 File Handler buffer overflow [CVE-2013-0989]
- Apple QuickTime Sorenson Codec Handler buffer overflow [CVE-2013-1019]
- Apple QuickTime JPEG Handler buffer overflow [CVE-2013-1020]
- Statistics
- Archive
