Phase: Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
References: BUGTRAQ:Wednesday, February 25, 1998 Quake 2 Linux 3.13 (and lower) allow users to read arbitrary files | URL:http://www.securityfocus.com/archive/1/8590 | XF:linux-quake2(733) | URL:http://xforce.iss.net/static/733.php
Votes: Proposed (Wednesday, September 12, 2001)
Comments: ACCEPT(1) Frech | NOOP(3) Wall, Foat, Cole