VULHUB ™

Quake 3 network play features contain a remotely exploitable denial of service vulnerability. A hostile client program can be used by to generate a large number of forged client queries on behalf of a target user. The server's responses flood the target user, consuming the target system's network bandwidth and CPU cycles. It has been reported that other games suffer from similar issues. Additional amplification attacks may be possible through the usage of commands which return detailed information about the game status or server information. In some cases, packets larger than 500 bytes may be sent in response to a 50 byte spoofed UDP packet.

Quake 3 network play features contain a remotely exploitable denial of service vulnerability. A hostile client program can be used by to generate a large number of forged client queries on behalf of a target user. The server's responses flood the target user, consuming the target system's network bandwidth and CPU cycles. It has been reported that other games suffer from similar issues. Additional amplification attacks may be possible through the usage of commands which return detailed information about the game status or server information. In some cases, packets larger than 500 bytes may be sent in response to a 50 byte spoofed UDP packet.