Arbitrary Command Execution via Shell Metacharacters in ioQuake3 Engine

Arbitrary Command Execution via Shell Metacharacters in ioQuake3 Engine

CVE-2011-1412 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.