The Quake server lets administrators remotely send
commands to the Quake console, protected by a password.
However, it is possible to remotely bypass this
authentication.
To exploit this, the attacker would have to create a
handcrafted UDP packet with a header containing the rcon
command and the password "tms", with a source IP coming
from ID Software's subnet (192.246.40).
The Quake server does not require an open connection for
sending the rcon packet. When this is exploited, the
server logs no record of the rcon command being used.
This vulnerability is present in Quake 1, QuakeWorld,
Quake 2, Quake 2 Linux and Quake 2 Solaris, all versions.

Fix for this problem:
Filter all incoming packets from the subnet 192.246.40.
Currently there are no patches available.
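
The filter above, written as a check that a perimeter filter or a
capture-review script could apply; this is an added example, not code
from the original advisory. It assumes "192.246.40" means
192.246.40.0/24, and the function names and sample datagrams are
constructed for illustration (payloads are simplified stand-ins, not
real Quake packets).

```python
import ipaddress

# Assumption: the advisory's "192.246.40" is read as the /24 network.
FILTERED_NET = ipaddress.ip_network("192.246.40.0/24")


def from_filtered_subnet(src_ip: str) -> bool:
    """True when the claimed source address must be filtered."""
    try:
        return ipaddress.ip_address(src_ip) in FILTERED_NET
    except ValueError:
        return True  # unparsable source address: fail closed


def classify(src_ip: str, payload: bytes) -> str:
    """Return 'pass', 'drop' or 'drop+alert' for one inbound UDP datagram."""
    if not from_filtered_subnet(src_ip):
        return "pass"
    # The server itself logs nothing, so an rcon attempt from this
    # subnet is only visible at the network layer: raise an alert here.
    if b"rcon" in payload.lower():
        return "drop+alert"
    return "drop"


def audit(datagrams):
    """Return (src, verdict) for every datagram that is not passed."""
    return [(src, v) for src, payload in datagrams
            if (v := classify(src, payload)) != "pass"]


# Constructed sample traffic (hypothetical, not captured from a server).
SAMPLE = [
    ("203.0.113.7", b"rcon secret status"),        # normal admin, other network
    ("192.246.40.12", b"rcon <redacted> status"),  # filtered subnet, rcon
    ("192.246.40.200", b"status"),                 # filtered subnet, other data
    ("192.246.41.5", b"rcon x y"),                 # neighbouring /24, not filtered
    ("not-an-ip", b""),                            # malformed record
]

if __name__ == "__main__":
    for src, verdict in audit(SAMPLE):
        print(f"{src:15} {verdict}")
```

Because the server does not require an open connection for the rcon
packet, the source address is only a claim made by the sender, so this
check belongs at the network edge in front of the server.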