PT-1998-1176 · Id · Quake 2 Server
Published: 1998-02-25 · Updated: 2017-12-19
CVE-1999-1229
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Quake 2 server version 3.13
Description
The issue arises from improper file permission checks for the config.cfg configuration file, allowing local users to read arbitrary files by creating a symlink from config.cfg to the target file.
Recommendations
For Quake 2 server version 3.13, consider restricting access to the config.cfg file to prevent local users from creating symlinks to arbitrary files until a proper fix is applied. As a temporary workaround, ensure that the config.cfg file is not writable by unauthorized users to minimize the risk of exploitation.
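The description above comes down to a reader that follows a symlink at config.cfg. The following is an added example, not code from Quake 2 or from this advisory, showing one way a program can refuse to do that; the helper name `open_config_checked`, the ownership rule and the temporary paths are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open a config file read-only without following a
 * symlink at the final path component, and accept it only if it is a
 * regular file owned by `owner`. Returns an fd, or -1 on rejection. */
int open_config_checked(const char *path, uid_t owner)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;                 /* fails with ELOOP if path is a symlink */
    struct stat st;
    /* fstat the descriptor, not the path, so the check and the later read
     * refer to the same object (no check-then-open race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo in a private temp directory. Bit 1: a regular config.cfg
 * is accepted; bit 2: wrong owner is refused; bit 4: a symlink is refused. */
int demo(void)
{
    char dir[] = "/tmp/cfgdemoXXXXXX", cfg[64], other[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(cfg, sizeof cfg, "%s/config.cfg", dir);
    snprintf(other, sizeof other, "%s/other.txt", dir);
    int result = 0, fd = open(cfg, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
    fd = open_config_checked(cfg, geteuid());
    if (fd >= 0) { result |= 1; close(fd); }
    if (open_config_checked(cfg, geteuid() + 1) < 0) result |= 2;
    unlink(cfg);
    fd = open(other, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) close(fd);
    if (symlink(other, cfg) == 0 && open_config_checked(cfg, geteuid()) < 0)
        result |= 4;
    unlink(cfg); unlink(other); rmdir(dir);
    return result;
}

int main(void) { printf("demo result: %d (7 = all checks held)\n", demo()); return 0; }
```

Which uid to pass as `owner` depends on the deployment; the caller decides whose files the process is allowed to read.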
Affected Products
Quake 2 Server