← back
CVE-2002-0770

CVE-2002-0770

EPSS 5.5%
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/21450unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://online.securityfocus.com/archive/1/272548http://www.iss.net/security_center/static/9095.phphttp://www.kb.cert.org/vuls/id/970915http://www.osvdb.org/11187http://www.quakesrc.org/forum/topicDisplay.php?topicID=160http://www.securityfocus.com/bid/4744