Published: 04/08/2011 Updated: 09/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x prior to 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ioquake3 ioquake3_engine
worldofpadman world_of_padman 1.5
openarena openarena 0.8.x-15
openarena openarena 0.8.x-16

Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities ...

CWE-20 http://www.osvdb.org/74137 http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff http://secunia.com/advisories/45417 http://secunia.com/advisories/45468 http://www.securityfocus.com/bid/48915 http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html https://bugzilla.redhat.com/show_bug.cgi?id=725951 http://svn.icculus.org/quake3?view=rev&revision=2097 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html http://securityreason.com/securityalert/8324 https://security.gentoo.org/glsa/201706-23 https://exchange.xforce.ibmcloud.com/vulnerabilities/68869 http://www.securityfocus.com/archive/1/519051/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/103532/Quake-3-Shell-Injection-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-1412

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect