CVE-2011-1412

Description

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

How to fix CVE-2011-1412

To remediate CVE-2011-1412, upgrade the affected package to a fixed version below.

• Debian/ioquake3—upgrade to 1.36+svn1946-4 or later

Is CVE-2011-1412 being exploited?

Low — EPSS is 4.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.36+svn1946-4

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1412