CVE-2004-2592 - OpenCVE

Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Id Software	Quake Ii Server

Configuration 1 [-]

OR	cpe:2.3:a:id_software:quake_ii_server:3.20:::::::*
	cpe:2.3:a:id_software:quake_ii_server:3.21:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html
http://secunia.com/advisories/13013	Exploit Vendor Advisory
http://secur1ty.net/advisories/001	Vendor Advisory
http://securitytracker.com/id?1011979	Exploit
http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/
http://www.osvdb.org/11181
http://www.securityfocus.com/bid/11551
https://exchange.xforce.ibmcloud.com/vulnerabilities/17890

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-29T02:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-11-29T00:00:00

Link: CVE-2004-2592

JSON object: View

NVD Information

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:32:02.217

Link: CVE-2004-2592

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-10-27T00:00:00", "descriptions": [{"lang": "en", "value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"}, {"name": "1011979", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011979"}, {"name": "11551", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11551"}, {"name": "11181", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/11181"}, {"name": "quake-configstrings-baselines-dos(17890)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"}, {"name": "13013", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/13013"}, {"tags": ["x_refsource_MISC"], "url": "http://secur1ty.net/advisories/001"}, {"name": "20041027 Multiple Vulnerabilites in Quake II Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2592", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/", "refsource": "CONFIRM", "url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"}, {"name": "1011979", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011979"}, {"name": "11551", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11551"}, {"name": "11181", "refsource": "OSVDB", "url": "http://www.osvdb.org/11181"}, {"name": "quake-configstrings-baselines-dos(17890)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"}, {"name": "13013", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/13013"}, {"name": "http://secur1ty.net/advisories/001", "refsource": "MISC", "url": "http://secur1ty.net/advisories/001"}, {"name": "20041027 Multiple Vulnerabilites in Quake II Server", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2592", "datePublished": "2005-11-29T02:00:00", "dateReserved": "2005-11-29T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:id_software:quake_ii_server:3.20:*:*:*:*:*:*:*", "matchCriteriaId": "0437DF9D-59E3-4071-B80C-600D14BACEF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:id_software:quake_ii_server:3.21:*:*:*:*:*:*:*", "matchCriteriaId": "04FCF957-BCF1-43CE-894D-43E25F45BB40", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines."}], "id": "CVE-2004-2592", "lastModified": "2017-07-11T01:32:02.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://secunia.com/advisories/13013"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secur1ty.net/advisories/001"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://securitytracker.com/id?1011979"}, {"source": "cve@mitre.org", "url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/11181"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11551"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17890"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}