A security flaw involving the server software that allows Quake III players to play the popular shoot-them-up over a network has been reported.

According to a posting on respected security mailing list BugTraq, a buffer overflow vulnerability in Quake III Arena Server could allow a malicious users to crash a system hosting the game.

The issue, which has been reported to id Software which developed the game, has the potential, as with all buffer overflow bugs, to allow an attacker to execute arbitrary code on a server, potentially enabling him to take control of a machine.

Both Quake III Arena 1.29f and 1.29g are affected by the problem, and earlier versions of the software are believed to be safe.

A beta version of Quake III 1.29h, which addresses a "server crash exploit" and improves game play had been released by id Software, which is recommending that users of Quake III Arena 1.29f and 1.29g should upgrade. ®

External Links

Quake III arena (http://www.quake3arena.com)
Discussion of the security problem from BugTraq (http://www.securityfocus.com/bid/3123)

Related Stories

BOFH: How to upgrade your Quake Server (http://www.theregister.co.uk/content/30/17014.html)