quake3 1.32c update

SiNSiN|Dak-A-riN+
Joined: Dec 2005

Very important update for q3 servers! :roll:

Quote:

CVE-2006-2082: directory traversal / information leak in Quake III Arena auto download feature

Ludwig Nussel and Thilo Schulz discovered a vulnerability letting a malicious client download files from a server if auto download is enabled ( sv_allowDownload 1 ).

Issue #2 ( CVE pending ): R_RemapShaders buffer overflow

A second issue fixed in this release would let a malicious server exploit a buffer overflow to execute a shellcode on connecting clients.

--
Updated binaries for the following games are available:

Quake III Arena - fixed at version 1.32c
Return To Castle Wolfenstein - fixed at version 1.41b
Wolfenstein: Enemy Territory - fixed at version 2.60b

If you run a server with any older version, please upgrade or consider turning off autodownload ( set sv_allowDownload to 0 ). Wolfenstein: Enemy Territory servers http/ftp download feature is not affected by CVE-2006-2082. If you don't wish to upgrade, you can decide to only enable http/ftp downloads and disable legacy downloads in that particular case.

Finally, server administrators should note that game servers should be running in restricted environments as much as possible ( unprivileged accounts and chroot jails ). It's a good thing to do the same for clients, or at least ensure that you are properly firewalled.

download:
--(windows only:) http://www.idsoftware.com/downloads/shambler.php?id=8000 (500 KB)
--(all platforms): http://www.fileshack.com/file.x?fid=8766 (3 MB)

SiN - team of extraordinary individuals.

Those worthless creatures surround me...
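As an added illustration of the server-side mitigation the advisory implies (this is not id Software's or the 1.32c patch's own code, and every function name here is hypothetical), here is a C check that a sv_allowDownload handler could apply to a client's requested file name before opening anything: it rejects parent-directory components, absolute paths and drive letters, and anything that is not a .pk3 archive, so a client cannot pull server configs or other files from outside the game directory.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Added example, not the game's code: validate a legacy-download request.
 * All helper names are hypothetical. */

/* True if the name contains a ".." path component (either separator). */
static bool has_dir_traversal(const char *path)
{
    const char *p = path;
    while ((p = strstr(p, "..")) != NULL) {
        bool at_start = (p == path) || p[-1] == '/' || p[-1] == '\\';
        bool at_end   = p[2] == '\0' || p[2] == '/' || p[2] == '\\';
        if (at_start && at_end)
            return true;   /* "..", "../x", "x/..", "x\\..\\y" */
        p += 2;            /* "foo..bar" is a plain file name, keep scanning */
    }
    return false;
}

/* Case-insensitive ".pk3" suffix check with at least one char before it. */
static bool ends_with_pk3(const char *name, size_t len)
{
    static const char ext[] = ".pk3";
    if (len < sizeof ext)
        return false;
    const char *tail = name + len - 4;
    for (int i = 0; i < 4; i++)
        if (tolower((unsigned char)tail[i]) != ext[i])
            return false;
    return true;
}

/* Returns true only for a name the server should be willing to serve:
 * relative, inside the game directory tree, and a pk3 archive. */
bool download_request_is_safe(const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || len > 255)
        return false;
    /* absolute paths, drive letters and UNC names escape the game dir */
    if (name[0] == '/' || name[0] == '\\' || strchr(name, ':') != NULL)
        return false;
    if (has_dir_traversal(name))
        return false;
    /* the auto-download feature exists only to ship pk3 archives */
    return ends_with_pk3(name, len);
}
```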

SiNSiN|Dak-A-riN+
Joined: Dec 2005

Just tested. Players consider downloading because stupid punkbuster kicks for using it... if server isn't updated.

Better keep backup of the old exe also. PB is sometimes so pathetic.


mow Q [EN]
Joined: Nov 2003

but can people play with 1.32b on servers with 1.32c?

ghost
Joined: Jan 2004

that is what happens when I'm connecting to KO server (my client is 1.32c)

Seth
Joined: Jun 2005

Servers need to update the quake3.exe.

Quote:
All it takes is the hosting company replacing the original "quake3.exe" with the updated one. It's not a patch really, it's an updated .exe, so it should take like all of 10 seconds.

+

Readme file

Quote:
If you run a server with any older version, please upgrade or consider
turning off autodownload ( set sv_allowDownload to 0 ).

RONiN wrote:

lol@sethy ur too funny man... if i was a woman, you would make me horny.

rUnThEoN?!
Joined: Dec 2005
DE Germany

idsoftware homepage with all files O_o...
http://www.idsoftware.com/

hurrenson: "This idiot is apparently not familiar with a rail/sniper style."

Warren G
Joined: Sep 2004
ghost wrote:

that is what happens when I'm connecting to KO server (my client is 1.32c)

cuz server is still without patch 1.32c

x.foksie'loy.drt?
Joined: Jun 2005

but if server is 1.32c can people with 1.32b connect?

if not, can we expect the community to upgrade so fast?

I am proud of spreading a pirated Excessive Plus version and claim to be the original author, yay!

parasight [E+]
Joined: Sep 2004
x.foksie'loy.drt? wrote:

if not, can we expect the community to upgrade so fast?

Well, since it's an official update and not a beta, yes, we can and should expect the community to upgrade. I don't see a reason to leave a known exploit open for the sake of convenience.

On a side note, here's another great example of crappy usability design in Quake. The message shouldn't be telling me about some PB nonsense, it should tell me to upgrade Quake, and tell me which version it wants. E+ can do it, so id software should be capable of doing something similar.

nihil
Joined: Dec 2004
parasight [E+] wrote:

On a side note, here's another great example of crappy usability design in Quake.

you are joking, right? try to consider the year of release and the difference between the 'q3a' project and the 'punkbuster' project

SiNSiN|Dak-A-riN+
Joined: Dec 2005

Quote:

but if server is 1.32c can people with 1.32b connect?

Ok, I just tested. When server is 1.32c the "b" players CAN connect and play without problems. Same goes with sv_punkbuster 1 on 1.32c.

Stupid PB kicks only 1.32c players on 1.32b servers. (info to evenbalance sent).

So, update your servers all NOW!! Players wait a couple of days.
