CVE-2010-5077

Published: Oct 27, 2014

Modified: Aug 7, 2024

PUBLISHED

Description

server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstatus or (2) rcon request.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20120326 Traffic amplification via Quake 3-based servers

mailing-list

x_refsource_BUGTRAQ

http://openarena.ws/board/index.php?topic=4391.0

x_refsource_MISC

DSA-2442

vendor-advisory

x_refsource_DEBIAN

http://www.urbanterror.info/forums/topic/27825-drdos/

x_refsource_MISC

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665656

x_refsource_MISC

http://permalink.gmane.org/gmane.comp.games.ioquake3/961

x_refsource_MISC

[oss-security] 20120326 Re: CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets

mailing-list

x_refsource_MLIST

http://www.ioquake.org/forums/viewtopic.php?f=12&t=1694

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2010-5077

Description

Affected Products

References