Bug 217911 - games/ioquake3 remote dll loading security issues
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Many People
Assignee: Dominic Fandrey
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-19 04:54 UTC by Nick Wolff
Modified: 2020-08-15 05:11 UTC

See Also:
koobs: maintainer-feedback+


Description Nick Wolff 2017-03-19 04:54:14 UTC
http://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/

Looks like ioquake3 had a bug where pk3 files from remote servers could get loaded as libraries... 

This could mean un-elevated remote code execution.

Commit where it is fixed.
https://github.com/ioquake/ioq3/commit/376267d534476a875d8b9228149c4ee18b74a4fd
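
An added defensive check, not part of the original report and not the upstream ioquake3 fix: since the report is about files named `.pk3` being loaded as libraries, this audit walks a game directory and flags any `.pk3` whose leading bytes are not a ZIP signature. It assumes a genuine pk3 is a ZIP archive; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# A genuine pk3 is a ZIP archive, so it starts with a ZIP signature.
ZIP_MAGICS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header / empty archive
# Leading bytes of native library formats that a dynamic loader accepts.
NATIVE_MAGICS = {
    b"\x7fELF": "ELF",
    b"MZ": "PE",
    b"\xcf\xfa\xed\xfe": "Mach-O",
    b"\xce\xfa\xed\xfe": "Mach-O",
    b"\xca\xfe\xba\xbe": "Mach-O (fat)",
}


def classify_pk3(path):
    """Classify a file by its first bytes, not by its extension."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head.startswith(ZIP_MAGICS):
        return "zip"
    for magic, kind in NATIVE_MAGICS.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def audit(root):
    """Return sorted (relative path, kind) for every .pk3 that is not a ZIP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".pk3"):
                full = os.path.join(dirpath, name)
                kind = classify_pk3(full)
                if kind != "zip":
                    findings.append((os.path.relpath(full, root), kind))
    return sorted(findings)


def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {
        "pak0.pk3": b"PK\x03\x04" + b"\0" * 26,        # looks like a real archive
        "zz-extra.pk3": b"\x7fELF\x02\x01\x01" + b"\0" * 9,  # native header
        "notes.pk3": b"hello",                          # neither ZIP nor library
        "readme.txt": b"\x7fELF",                       # ignored: not a .pk3
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)


if __name__ == "__main__":
    for path, kind in demo():
        print(f"suspicious: {path} ({kind})")
```

The check reads the leading bytes instead of testing whether the file opens as an archive, because a native library header must sit at offset 0 while an extension can say anything.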
Comment 1 Dominic Fandrey freebsd_committer freebsd_triage 2017-03-21 10:30:02 UTC
I'm working on it.
Comment 2 commit-hook freebsd_committer freebsd_triage 2017-04-07 14:26:49 UTC
A commit references this bug:

Author: kami
Date: Fri Apr  7 14:26:14 UTC 2017
New revision: 437926
URL: https://svnweb.freebsd.org/changeset/ports/437926

Log:
  security/vuxml: Add id Tech 3 remote code execution

  PR:		217911
  Reviewed by:	delphij, #ports_secteam
  Approved by:	delphij, #ports_secteam
  Security:	CVE-2017-6903
  Differential Revision:	https://reviews.freebsd.org/D10244

Changes:
  head/security/vuxml/vuln.xml
Comment 3 commit-hook freebsd_committer freebsd_triage 2017-05-18 20:31:31 UTC
A commit references this bug:

Author: kami
Date: Thu May 18 20:31:05 UTC 2017
New revision: 441198
URL: https://svnweb.freebsd.org/changeset/ports/441198

Log:
  games/ioquake3-devel: Remove in favour of ioquake3

  Upstream requested us to point games/ioquake3 to github master,
  making this port obsolete.

  PR:		217911
  Reviewed by:	miwi
  Approved by:	miwi (mentor)
  MFH:		2017Q2
  Security:	CVE-2017-6903
  Security:	e48355d7-1548-11e7-8611-0090f5f2f347
  Differential Revision:	https://reviews.freebsd.org/D10172

Changes:
  head/games/Makefile
  head/games/ioquake3-devel/
  head/games/ioquake3-devel-server/
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-05-18 20:59:59 UTC
A commit references this bug:

Author: kami
Date: Thu May 18 20:59:00 UTC 2017
New revision: 441199
URL: https://svnweb.freebsd.org/changeset/ports/441199

Log:
  games/openarena: Fix CVE-2017-6903

  - Backport fix based on patchset for urbanterror [1]

  [1] https://github.com/Barbatos/ioq3-for-UrbanTerror-4/pull/73

  PR:		217911
  Submitted by:	miwi
  Approved by:	miwi (mentor)
  MFH:		2017Q2
  Security:	CVE-2017-6903
  Security:	e48355d7-1548-11e7-8611-0090f5f2f347
  Differential Revision:	https://reviews.freebsd.org/D10176

Changes:
  head/games/openarena/Makefile
  head/games/openarena/files/patch-code_botlib_be__aas__route.c
  head/games/openarena/files/patch-code_client_cl__console.c
  head/games/openarena/files/patch-code_client_cl__curl.c
  head/games/openarena/files/patch-code_client_cl__parse.c
  head/games/openarena/files/patch-code_client_snd__openal.c
  head/games/openarena/files/patch-code_qcommon_common.c
  head/games/openarena/files/patch-code_qcommon_files.c
  head/games/openarena/files/patch-code_qcommon_q__shared.c
  head/games/openarena/files/patch-code_qcommon_qcommon.h
  head/games/openarena/files/patch-code_qcommon_vm__x86.c
  head/games/openarena/pkg-message
Comment 5 Ed Maste freebsd_committer freebsd_triage 2019-06-09 10:47:41 UTC
This is solved now?
Comment 6 Mark Linimon freebsd_committer freebsd_triage 2020-08-15 03:34:23 UTC
^Triage: submitter timeout (> 1 year).
Comment 7 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-15 05:11:18 UTC
^Triage: Assign to committer that resolved