Summary
The remote host is missing updates announced in
advisory GLSA 200407-14.
Solution
All Unreal Tournament users should upgrade to the latest available versions:
# emerge sync
# emerge -pv '>=games-fps/ut2003-2225-r3'
# emerge '>=games-fps/ut2003-2225-r3'
# emerge -pv '>=games-server/ut2003-ded-2225-r2'
# emerge '>=games-server/ut2003-ded-2225-r2'
# emerge -pv '>=games-fps/ut2004-3236'
# emerge '>=games-fps/ut2004-3236'
# emerge -pv '>=games-fps/ut2004-demo-3120-r4'
# emerge '>=games-fps/ut2004-demo-3120-r4'
http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200407-14 http://bugs.gentoo.org/show_bug.cgi?id=54726
http://aluigi.altervista.org/adv/unsecure-adv.txt
Insight
Game servers based on the Unreal engine are vulnerable to remote code execution through malformed 'secure' queries.
Severity
Classification
-
CVE CVE-2004-0608 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities