CVE-2011-1412

Published: Aug 4, 2011Modified: Apr 29, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Affected (4)

Products: Ioquake3: Ioquake3 Engine · Openarena: Openarena · Worldofpadman: World Of Padman

1 product

Ioquake3 Engine

1 product

1 product

World Of Padman

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ioquake3 Ioquake3 Engine	All versions
Openarena Openarena	Version 0.8.x-15
Openarena Openarena	Version 0.8.x-16
Worldofpadman World Of Padman	Version 1.5

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (28)

http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html

Source: cve@mitre.org

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html

Source: cve@mitre.org

http://secunia.com/advisories/45417

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/45468

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/8324

Source: cve@mitre.org

http://svn.icculus.org/quake3?view=rev&revision=2097

Source: cve@mitre.org

Patch

http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff

Source: cve@mitre.org

Patch

http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html

Source: cve@mitre.org

Patch

http://www.osvdb.org/74137

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/519051/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/48915

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=725951

Source: cve@mitre.org

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/68869

Source: cve@mitre.org

https://security.gentoo.org/glsa/201706-23

Source: cve@mitre.org

http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/45417

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/45468

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/8324

Source: af854a3a-2127-422b-91ae-364da2661108

http://svn.icculus.org/quake3?view=rev&revision=2097

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://worldofpadman.com/website/news/en/article/266/wop-1-5-1-1-hotfix-released-for-linux.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.osvdb.org/74137

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/519051/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/48915

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=725951

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://exchange.xforce.ibmcloud.com/vulnerabilities/68869

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201706-23

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.