CVE-2011-2764

Quake 3 Shell Injection / Code Execution

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.

Multiple games using the Quake engine suffer from remote shell injection and code execution vulnerabilities.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Complete
  • Integrity: Complete
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2011-07-19 CVE Reserved
  • 2011-07-29 CVE Published
  • 2024-03-24 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Ioquake3 | Ioquake3 Engine | <= 1.36 | - | Affected
Ioquake3 | Ioquake3 Engine | 1.36 | rc1 | Affected
Openarena | Openarena | * | - | Affected
Smokin-guns | Smokin' Guns | * | - | Affected
Tremulous | Tremulous | * | - | Affected
Urbanterror | Iourbanterror | * | - | Affected
Worldofpadman | World Of Padman | * | - | Affected