CVE Catalog

CVE-1999-1229

Low
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.48%

37th percentile — higher than 37% of all known CVEs

Summary

Quake 2 server version 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, allowing local users to read arbitrary files via a symlink from config.cfg to the target file.

Risk Assessment

Local users may gain access to sensitive data, posing a risk of information leakage and privacy breaches within the system.

Recommendation

It is recommended to update the Quake 2 server to the latest version and verify the permissions of configuration files to prevent unauthorized access.

Original NVD description (English source)

Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS