
CVE-2011-1412

Date: (C)2011-08-03   (M)2023-12-22


sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/519051/100/0/threaded
SECUNIA-45417
SECUNIA-45468
BID-48915
OSVDB-74137
SREASON-8324
FEDORA-2011-9898
GLSA-201706-23
http://svn.icculus.org/quake3?view=rev&revision=2097
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html
https://bugzilla.redhat.com/show_bug.cgi?id=725951
ioquake-idtech-command-execution(68869)

CPE    1
cpe:/o:linux:linux_kernel
CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:102788
oval:org.secpod.oval:def:102785
oval:org.secpod.oval:def:102819
oval:org.secpod.oval:def:102881
...

© SecPod Technologies