7.5

CVE-2011-1412

Exploit
sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.
Data provided by the National Vulnerability Database (NVD)
Openarena: Openarena, Version 0.8.x-15
   Linux: Linux Kernel
Openarena: Openarena, Version 0.8.x-16
   Linux: Linux Kernel
Worldofpadman: World Of Padman, Version 1.5
   Linux: Linux Kernel
No warning was found for this CVE.
EPSS metrics
Type Source Score Percentile
EPSS FIRST.org 4.21% 0.897
CVSS metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html (Exploit)
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
http://secunia.com/advisories/45417 (Vendor Advisory)
http://secunia.com/advisories/45468 (Vendor Advisory)
http://securityreason.com/securityalert/8324
http://svn.icculus.org/quake3?view=rev&revision=2097 (Patch)
http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff (Patch)
http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html (Patch)
http://www.osvdb.org/74137
http://www.securityfocus.com/archive/1/519051/100/0/threaded
http://www.securityfocus.com/bid/48915
https://bugzilla.redhat.com/show_bug.cgi?id=725951 (Patch, Exploit)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68869
https://security.gentoo.org/glsa/201706-23