mailing list archives
CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Mon, 26 Mar 2012 15:09:01 +0200
Hello Kurt, Steve, vendors,
yet in 2010 the following problem has been corrected in Quake3 / OpenArena:
A distributed denial of service flaw was found in the way Quake3 Arena /
OpenArena servers used to handle 'getstatus' and 'rcon' (remote command)
connectionless requests. A remote attacker could use this flaw to perform
distributed denial of service attack against the target server IP gameserver by
spoofing certain packets.
Relevant upstream patch:
Could you allocate a CVE-2010-* CVE identifier for this issue?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
P.S.: There doesn't seem to be a CVE identifier for this issue yet:
mentions various Quake3 related security flaws, but doesn't
this concrete issue yet.
- CVE-2010 Request: quake3 / openarena-server: DDoS by processing 'getstatus' and 'rcon' packets Jan Lieskovsky (Mar 26)