
CVE-2011-1412
Date: (C)2011-08-03   (M)2018-04-04


sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

CVSS Score and Metrics

CVSS V3 Severity:        CVSS V2 Severity:
CVSS Score:              CVSS Score: 7.5
Exploit Score:           Exploit Score: 10.0
Impact Score:            Impact Score: 6.4

CVSS V3 Metrics:         CVSS V2 Metrics:
Attack Vector:           Access Vector: NETWORK
Attack Complexity:       Access Complexity: LOW
Privileges Required:     Authentication: NONE
User Interaction:        Confidentiality: PARTIAL
Scope:                   Integrity: PARTIAL
Confidentiality:         Availability: PARTIAL
Integrity:
Availability:

Reference:
http://www.securityfocus.com/archive/1/archive/1/519051/100/0/threaded
SECUNIA-45417
SECUNIA-45468
BID-48915
OSVDB-74137
SREASON-8324
FEDORA-2011-9898
GLSA-201706-23
http://svn.icculus.org/quake3?view=rev&revision=2097
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html
https://bugzilla.redhat.com/show_bug.cgi?id=725951
ioquake-idtech-command-execution(68869)

CWE    1
CWE-20
OVAL    4
oval:org.secpod.oval:def:102788
oval:org.secpod.oval:def:102785
oval:org.secpod.oval:def:102819
oval:org.secpod.oval:def:102881
...

© SecPod Technologies