COMMAND

    Quake I

SYSTEMS AFFECTED

    Systems running Quake I

PROBLEM

    Chris Evans found following.  Basically, the client is careless at
    parsing certain server messages.  This includes but is by no means
    limited to:

        1) List  of  precache  paths.  Each arbitrary length  precache
           string the server  gives the client,  is stuffed into  a 64
           byte  buffer  ON  THE  STACK.   Ouch.  This conversation of
           precaching is part of connection.
        2) Careless parsing of server name/address etc. when  querying
           status.   Again  strings  are  stuffed  into  fixed  length
           buffers..
        3) Server  can  as  part  of  protocol  give client  arbitrary
           console   command.      Of    these,    at   least     "map
           blahblah_bigger_than_64_chars"  will  cause  a buffer/stack
           overrun.

    Scarily, at least 1) and  3) are still present in  _latest_ quakeI
    client, 1.09,  and will  be cross-platform  execute-arbitrary-code
    problems.

SOLUTION

    Nothing yet...next release - perhaps.