Submitted by: Gamefreak_cd_copy
Source: http://live.altavista.com/scripts/editorial.dll?efi=980&ei=1761384&ern=y
Quake III Security Flaw Found Apply the patch now. Otherwise, a Trojan server could be shooting up your system while you play. Game developer Id Software Inc. announced on Wednesday that its flagship first-person shooter has a security flaw that could leave Quake III (shopping.com) players' computers open to attack while they play. "The basic nature of the exploit is that malicious server operators could overwrite any file on a client system," wrote Robert Duffy, a programmer at Id Software, in his .plan file on Wednesday. The flaw was found last week by network security firm Internet Security Systems Inc. and could allow an attacker running a Quake III server to read and write to any player's computer connecting that server. Internet Security Systems waited until Id Software could issue a patch before sending out an alert to users and the press. "This vulnerability is important to network administrators who may be unaware that users are accessing potentially malicious Quake3Arena servers outside their network," wrote Internet Security Systems in the alert. Id Software fixed the flaw in its latest patch release, Version 1.17, released on Wednesday. To force users to move over to the secured Quake III client, Id Software has made Version 1.17 of the game incompatible with earlier -- and insecure -- versions. |
