Vulnerability ID 4974

Id Software Quake 3 Engine UDP Request Parser getstatus denial of service

CVSSv2 Temp ScoreCurrent Exploit Price
5.8$0-$1k

A vulnerability was found in Id Software Quake 3 Engine (the affected version is unknown). It has been classified as problematic. Affected is the function getstatus of the component UDP Request Parser. The manipulation with an unknown input leads to a denial of service vulnerability (crash). This is going to have an impact on availability.

The weakness was shared 01/03/2010. The advisory is shared for download at icculus.org. This vulnerability is traded as CVE-2010-5077 since 12/19/2011. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details and a public exploit are known.

As 0-day the estimated underground price was around $1k-$2k. The vulnerability scanner Nessus provides a plugin with the ID 58784 (Fedora 17 : tremulous-1.2.0-0.5.beta1.fc17 (2012-5371)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks, running in the context local and relying on port 0.

Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at icculus.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at OSVDB (80644), SecurityFocus (BID 52719), X-Force (74343) and Secunia (SA48594). The entries 3365 are pretty similar.

CVSS

Base Score: 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C) [?]
Temp Score: 5.8 (CVSS2#E:U/RL:OF/RC:C) [?]

Access VectorAccess ComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Denial of service (CWE-20)
Local: No
Remote: Yes

Availability: No
Access: Public
Status: Unproven

Current Price Estimation:

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k


Nessus ID: 58784
Nessus Name: Fedora 17 : tremulous-1.2.0-0.5.beta1.fc17 (2012-5371)
Nessus File: debian_DSA-2442.nasl
Nessus Family: Fedora Local Security Checks
Nessus Context: local
Nessus Port: 0
OpenVAS ID: 71245
OpenVAS Name: Debian Security Advisory DSA 2442-1 (openarena)
OpenVAS File: deb_2442_1.nasl
OpenVAS Family: Debian Local Security Checks

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Patch: icculus.org

Timeline

01/03/2010 | Advisory disclosed
01/03/2010 | Countermeasure disclosed
12/19/2011 | CVE assigned
03/26/2012 | SecurityFocus entry assigned
03/26/2012 | VulnerabilityCenter entry assigned
03/29/2012 | OSVDB entry created
04/02/2012 | VulDB entry created
04/19/2012 | Nessus plugin released
03/12/2013 | VulnerabilityCenter entry created
10/27/2014 | NVD disclosed
10/29/2014 | VulnerabilityCenter entry updated
07/08/2015 | VulDB entry updated

Sources

Advisory: icculus.org
Status: Confirmed

CVE: CVE-2010-5077 (mitre.org) (nvd.nist.org) (cvedetails.com)

OSVDB: 80644 - Quake 3 Engine getstatus UDP Request Parsing Remote DoS
SecurityFocus: 52719 - ioQuake3 Engine Multiple Remote Denial of Service Vulnerabilities
Secunia: 48594 - Debian update for openarena, Not Critical
X-Force: 74343 - ioQuake3 Engine multiple denial of service, Medium Risk
Vulnerability Center: 38728 - ID Software Quake3 Engine Based Games Remote UDP DoS, High

See also: 3365

Entry

Created: 04/02/2012
Updated: 07/08/2015
Entry: 93.7% complete