CVE-2011-1412

Exploit

EPSS 2.38%
Published 04.08.2011 02:45:32
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Ioquake3 ≫ Ioquake3 Engine

Linux ≫ Linux Kernel

Openarena ≫ Openarena Version0.8.x-15

Linux ≫ Linux Kernel

Openarena ≫ Openarena Version0.8.x-16

Linux ≫ Linux Kernel

Worldofpadman ≫ World Of Padman Version1.5

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.38%	0.843

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html

http://secunia.com/advisories/45417

Vendor Advisory

http://secunia.com/advisories/45468

Vendor Advisory

http://securityreason.com/securityalert/8324

http://svn.icculus.org/quake3?view=rev&revision=2097

Patch

http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff

Patch