CVE-1999-1229
LowExploitation Probability (EPSS)
Low risk37th percentile — higher than 37% of all known CVEs
Summary
Quake 2 server version 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, allowing local users to read arbitrary files via a symlink from config.cfg to the target file.
Risk Assessment
Local users may gain access to sensitive data, posing a risk of information leakage and privacy breaches within the system.
Recommendation
It is recommended to update the Quake 2 server to the latest version and verify the permissions of configuration files to prevent unauthorized access.
Original NVD description (English source)
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.

