CVE-2011-1412

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
http://secunia.com/advisories/45417 Vendor Advisory
http://secunia.com/advisories/45468 Vendor Advisory
http://securityreason.com/securityalert/8324
http://svn.icculus.org/quake3?view=rev&revision=2097 Patch
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff Patch
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html Patch
http://www.osvdb.org/74137
http://www.securityfocus.com/archive/1/519051/100/0/threaded
http://www.securityfocus.com/bid/48915
https://bugzilla.redhat.com/show_bug.cgi?id=725951 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68869
https://security.gentoo.org/glsa/201706-23
http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html Exploit
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
http://secunia.com/advisories/45417 Vendor Advisory
http://secunia.com/advisories/45468 Vendor Advisory
http://securityreason.com/securityalert/8324
http://svn.icculus.org/quake3?view=rev&revision=2097 Patch
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff Patch
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html Patch
http://www.osvdb.org/74137
http://www.securityfocus.com/archive/1/519051/100/0/threaded
http://www.securityfocus.com/bid/48915
https://bugzilla.redhat.com/show_bug.cgi?id=725951 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68869
https://security.gentoo.org/glsa/201706-23
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:openarena:openarena:0.8.x-15:*:*:*:*:*:*:*
cpe:2.3:a:openarena:openarena:0.8.x-16:*:*:*:*:*:*:*
cpe:2.3:a:worldofpadman:world_of_padman:1.5:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:26

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html - Exploit () http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html - Exploit
References () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html - () http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html -
References () http://secunia.com/advisories/45417 - Vendor Advisory () http://secunia.com/advisories/45417 - Vendor Advisory
References () http://secunia.com/advisories/45468 - Vendor Advisory () http://secunia.com/advisories/45468 - Vendor Advisory
References () http://securityreason.com/securityalert/8324 - () http://securityreason.com/securityalert/8324 -
References () http://svn.icculus.org/quake3?view=rev&revision=2097 - Patch () http://svn.icculus.org/quake3?view=rev&revision=2097 - Patch
References () http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff - Patch () http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff - Patch
References () http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html - Patch () http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html - Patch
References () http://www.osvdb.org/74137 - () http://www.osvdb.org/74137 -
References () http://www.securityfocus.com/archive/1/519051/100/0/threaded - () http://www.securityfocus.com/archive/1/519051/100/0/threaded -
References () http://www.securityfocus.com/bid/48915 - () http://www.securityfocus.com/bid/48915 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=725951 - Exploit, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=725951 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/68869 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/68869 -
References () https://security.gentoo.org/glsa/201706-23 - () https://security.gentoo.org/glsa/201706-23 -

Information

Published : 2011-08-04 02:45

Updated : 2024-11-21 01:26


NVD link : CVE-2011-1412

Mitre link : CVE-2011-1412

CVE.ORG link : CVE-2011-1412


JSON object : View

Products Affected

openarena

  • openarena

worldofpadman

  • world_of_padman

ioquake3

  • ioquake3_engine

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation