Public Date:
725951: CVE-2011-1412 CVE-2011-2764 CVE-2011-3012 quake3: arbitrary code execution vulnerabilites in ioquake3

The MITRE CVE dictionary describes this issue as:

sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.

Find out more about CVE-2011-1412 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 5.1
Base Metrics AV:N/AC:H/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).