CVE-2002-0770

Name of the Vulnerable Software and Affected Versions: Quake 2 server versions 3.20 through 3.21

Description: The issue allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute admin commands on the Quake 2 server. This is achieved by using a client that does not expand "$" macros, causing the server to expand these macros and leak the information. For example, using the command "say $rcon password" can demonstrate this issue.

Recommendations: For Quake 2 server versions 3.20 and 3.21, consider restricting access to admin commands and sensitive server variables until a fix is available. As a temporary workaround, avoid using the $rcon password variable in client commands to minimize the risk of information leakage.