|Main Archive Page > Month Archives > oss-security archives|
Hello Kurt, Steve, vendors,
yet in 2010 the following problem has been corrected in Quake3 / OpenArena:
A distributed denial of service flaw was found in the way Quake3 Arena /
OpenArena servers used to handle 'getstatus' and 'rcon' (remote command)
connectionless requests. A remote attacker could use this flaw to perform
distributed denial of service attack against the target server IP gameserver by
spoofing certain packets.
Relevant upstream patch:
Could you allocate a CVE-2010-* CVE identifier for this issue?
Thank you && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team P.S.: There doesn't seem to be a CVE identifier for this issue yet: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=quake3 mentions various Quake3 related security flaws, but doesn't this concrete issue yet.