[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-1412

Date: (C)2011-08-03   (M)2017-08-18
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Reference:
http://www.securityfocus.com/archive/1/archive/1/519051/100/0/threaded
SECUNIA-45417
SECUNIA-45468
BID-48915
OSVDB-74137
SREASON-8324
FEDORA-2011-9898
GLSA-201706-23
http://svn.icculus.org/quake3?view=rev&revision=2097
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html
https://bugzilla.redhat.com/show_bug.cgi?id=725951
ioquake-idtech-command-execution(68869)

CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:102788
oval:org.secpod.oval:def:102785
oval:org.secpod.oval:def:102819
oval:org.secpod.oval:def:102881
...

© 2013 SecPod Technologies