CVE-2011-1412

Exploit

EPSS 2.38%
Veröffentlicht 04.08.2011 02:45:32
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ioquake3 ≫ Ioquake3 Engine

Linux ≫ Linux Kernel

Openarena ≫ Openarena Version0.8.x-15

Linux ≫ Linux Kernel

Openarena ≫ Openarena Version0.8.x-16

Linux ≫ Linux Kernel

Worldofpadman ≫ World Of Padman Version1.5

Linux ≫ Linux Kernel

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.38%	0.843

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html

http://secunia.com/advisories/45417

Vendor Advisory

http://secunia.com/advisories/45468

Vendor Advisory

http://securityreason.com/securityalert/8324

http://svn.icculus.org/quake3?view=rev&revision=2097

Patch

http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff

Patch