quake3 1.32c update
Very important update for q3 servers! :roll:
CVE-2006-2082: directory traversal / information leak in Quake III Arena auto download feature
Ludwig Nussel and Thilo Schulz discovered a vulnerability letting a malicious client download files from a server if auto download is enabled ( sv_allowDownload 1 ).
Issue #2 ( CVE pending ): R_RemapShaders buffer overflow
A second issue fixed in this release would let a malicious server exploit a buffer overflow to execute a shellcode on connecting clients.
--
Updated binaries for the following games are available:
Quake III Arena - fixed at version 1.32c
Return To Castle Wolfenstein - fixed at version 1.41b
Wolfenstein: Enemy Territory - fixed at version 2.60b
If you run a server with any older version, please upgrade or consider turning off autodownload ( set sv_allowDownload to 0 ). Wolfenstein: Enemy Territory servers' http/ftp download feature is not affected by CVE-2006-2082. If you don't wish to upgrade, you can decide to only enable http/ftp downloads and disable legacy downloads in that particular case.
Finally, server administrators should note that game servers should be running in restricted environments as much as possible ( unprivileged accounts and chroot jails ). It's a good thing to do the same for clients, or at least ensure that you are properly firewalled.
download:
--(windows only:) http://www.idsoftware.com/downloads/shambler.php?id=8000 (500 KB)
--(all platforms): http://www.fileshack.com/file.x?fid=8766 (3 MB)
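For administrators with more than a handful of servers, the advisory's two checks (is the binary older than the fixed release, and is legacy auto download still on) can be automated from the server's own status reply. The following Python script is an added example and is not code from id software or from this thread; it assumes that the server's getstatus reply carries `version` and `sv_allowDownload` in its infostring (the `\key\value` layout and the `statusResponse` packet header are assumptions about the Quake 3 query protocol, not something stated in the advisory), and that the version string starts with a game tag followed by a dotted version such as `Q3 1.32b`. The packet used here is constructed, not a real capture.

```python
import re

# Fixed versions named in the advisory, keyed by the tag that leads the
# server's "version" value. The tags themselves ("Q3", "Wolf", "ET") are an
# assumption about how each engine reports itself; adjust to your servers.
FIXED_VERSION = {
    "Q3": (1, 32, "c"),
    "Wolf": (1, 41, "b"),
    "ET": (2, 60, "b"),
}

# Constructed sample of a getstatus reply (not a real capture): four 0xFF
# bytes, the "statusResponse" tag, one infostring line, then player lines.
SAMPLE_STATUS_RESPONSE = (
    b"\xff\xff\xff\xffstatusResponse\n"
    b"\\sv_hostname\\example ffa\\version\\Q3 1.32b linux-i386 Oct 20 2004"
    b"\\sv_allowDownload\\1\\mapname\\q3dm17\\sv_maxclients\\16\n"
    b"10 42 \"Player1\"\n"
    b"0 80 \"Player2\"\n"
)

STATUS_HEADER = b"\xff\xff\xff\xffstatusResponse\n"


def parse_infostring(info: str) -> dict:
    """Turn a Q3 infostring ("\\key\\value\\key\\value") into a dict.

    A trailing key without a value is ignored rather than raising.
    """
    parts = info.strip("\\").split("\\")
    return {parts[i]: parts[i + 1] for i in range(0, len(parts) - 1, 2)}


def parse_status_response(packet: bytes) -> dict:
    """Extract the server infostring from a statusResponse packet.

    Assumed layout: STATUS_HEADER, the infostring line, then one line per
    player. Only the infostring is parsed; player lines are discarded.
    """
    if not packet.startswith(STATUS_HEADER):
        raise ValueError("not a statusResponse packet")
    body = packet[len(STATUS_HEADER):]
    info_line = body.split(b"\n", 1)[0]
    return parse_infostring(info_line.decode("latin-1"))


# Game tag, then major.minor plus an optional patch letter ("1.32b").
_VERSION_RE = re.compile(r"^(\w+)\s+(\d+)\.(\d+)([a-z]?)")


def parse_version(version: str):
    """Split "Q3 1.32b linux-i386 ..." into ("Q3", (1, 32, "b")).

    Returns None when the string does not follow that layout.
    """
    m = _VERSION_RE.match(version)
    if not m:
        return None
    return m.group(1), (int(m.group(2)), int(m.group(3)), m.group(4))


def assess_server(info: dict) -> dict:
    """Classify one server's exposure to CVE-2006-2082 from its infostring.

    'outdated' means the reported version is older than the fixed release
    for that game; 'exposed' means outdated AND legacy auto download is on.
    Tuple comparison makes (1, 32, "b") and (1, 32, "") both sort below
    (1, 32, "c"), so an unlettered 1.32 is treated as old as well.
    """
    version = info.get("version", "")
    parsed = parse_version(version)
    if parsed is None or parsed[0] not in FIXED_VERSION:
        return {"version": version, "known_game": False,
                "outdated": None, "exposed": None}
    game, ver = parsed
    outdated = ver < FIXED_VERSION[game]
    download_on = info.get("sv_allowDownload", "0") != "0"
    return {"version": version, "known_game": True,
            "outdated": outdated, "exposed": outdated and download_on}


if __name__ == "__main__":
    report = assess_server(parse_status_response(SAMPLE_STATUS_RESPONSE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

In practice you would send `\xff\xff\xff\xffgetstatus` over UDP to each of your own servers and feed the reply to `parse_status_response`; a server that reports `exposed: True` needs either the updated binary or `sv_allowDownload 0` until it can be replaced.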
But can people play with 1.32b on servers with 1.32c?
That is what happens when I'm connecting to the KO server (my client is 1.32c)
Servers need to update the quake3.exe.
All it takes is the hosting company replacing the original "quake3.exe" with the updated one. It's not a patch really, it's an updated .exe, so it should take like all of 10 seconds.
+
Readme file
If you run a server with any older version, please upgrade or consider
turning off autodownload ( set sv_allowDownload to 0 ).
idsoftware homepage with all files O_o...
http://www.idsoftware.com/
That is what happens when I'm connecting to the KO server (my client is 1.32c)
Because the server is still without patch 1.32c.
But if the server is 1.32c, can people with 1.32b connect?
If not, can we expect the community to upgrade so fast?
If not, can we expect the community to upgrade so fast?
Well, since it's an official update and not a beta, yes, we can and should expect the community to upgrade. I don't see a reason to leave a known exploit open for the sake of convenience.
On a side note, here's another great example of crappy usability design in Quake. The message shouldn't be telling me about some PB nonsense, it should tell me to upgrade Quake, and tell me which version it wants. E+ can do it, so id software should be capable of doing something similar.
On a side note, here's another great example of crappy usability design in Quake.
You are joking, right? Try to consider the year of release and the difference between the 'q3a' project and the 'punkbuster' project.
Just tested. Players consider downloading because stupid punkbuster kicks for using it... if the server isn't updated.
Better keep backup of the old exe also. PB is sometimes so pathetic.
SiN - team of extraordinary individuals.
Those worthless creatures surround me...