CVE-2002-0770 Information

Description

Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables obtain directory listings and execute Q2 server admin commands via a client that does not expand $\ macros which causes the server to expand the macros and leak the information as demonstrated using \say $rcon_password.\

Reference

http://online.securityfocus.com/archive/1/272548 http://www.iss.net/security_center/static/9095.php http://www.kb.cert.org/vuls/id/970915 http://www.osvdb.org/11187 http://www.quakesrc.org/forum/topicDisplay.php?topicID=160 http://www.securityfocus.com/bid/4744