[quake3] New bug found...
Shane Isley
shane at it.uts.edu.au
Mon May 8 19:45:11 EDT 2006
Thilo Schulz wrote:
>Hi,
>
>Ludwig and me have found and reported a bug to ID that we haven't disclosed
>until today on the wish of ID.
>The bug allows to download *any* file from sv_allowdownload enabled servers
>(like /etc/passwd)
>You can find the advisory i sent to FD and bugtraq here:
>
>http://lists.grok.org.uk/pipermail/full-disclosure/2006-May/045906.html
>
>
>
Nice work both of you.
Just a shame 1.32c isn't rev777 with all it's fixes and platforms; would
have been a hell of a way to do a release.
Shane
More information about the quake3
mailing list