FKIE_CVE-2011-2764

Vulnerability from fkie_nvd - Published: 2011-08-04 02:45 - Updated: 2025-04-11 00:51
Summary
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.
References
cve@mitre.org - http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html - Exploit
cve@mitre.org - http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
cve@mitre.org - http://secunia.com/advisories/45539
cve@mitre.org - http://secunia.com/advisories/45540
cve@mitre.org - http://securityreason.com/securityalert/8324
cve@mitre.org - http://svn.icculus.org/quake3?view=rev&revision=2098 - Patch
cve@mitre.org - http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff - Patch
cve@mitre.org - http://www.securityfocus.com/archive/1/519051/100/0/threaded
cve@mitre.org - http://www.securityfocus.com/bid/48915
cve@mitre.org - https://bugzilla.redhat.com/show_bug.cgi?id=725951 - Exploit, Patch
cve@mitre.org - https://exchange.xforce.ibmcloud.com/vulnerabilities/68870
cve@mitre.org - https://security.gentoo.org/glsa/201706-23
af854a3a-2127-422b-91ae-364da2661108 - http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html - Exploit
af854a3a-2127-422b-91ae-364da2661108 - http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/45539
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/45540
af854a3a-2127-422b-91ae-364da2661108 - http://securityreason.com/securityalert/8324
af854a3a-2127-422b-91ae-364da2661108 - http://svn.icculus.org/quake3?view=rev&revision=2098 - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff - Patch
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/archive/1/519051/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/48915
af854a3a-2127-422b-91ae-364da2661108 - https://bugzilla.redhat.com/show_bug.cgi?id=725951 - Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108 - https://exchange.xforce.ibmcloud.com/vulnerabilities/68870
af854a3a-2127-422b-91ae-364da2661108 - https://security.gentoo.org/glsa/201706-23

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A70EB58-3D3F-4A80-AD7C-0592C3BD3D3C",
              "versionEndIncluding": "1.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ioquake3:ioquake3_engine:1.36:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "631580B6-FB90-44D0-A960-DE418F684FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openarena:openarena:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C66CEED6-0C18-4A8C-8369-2C8E23434587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:smokin-guns:smokin\\\u0027_guns:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EBAD21-CC29-4EF3-BE6D-334734D175FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tremulous:tremulous:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63624600-4577-4D6E-A733-1668CFD7732C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:urbanterror:iourbanterror:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CA0A90-BF68-4294-86E5-4CF170709C08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D65EC1-0FB2-4628-B877-EE1B00A26B56",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin\u0027 Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n FS_CheckFilenameIsNotExecutable de qcommon/files.c en el motor de ioQuake3 1.36 y versiones anteriores, tal como se usa en \"World of Padman\", \"Smokin\u0027 Guns\", OpenArena, Tremulous y ioUrbanTerror, no detecta extensiones de archivo peligrosas, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un complemento de terceras partes modificado que crea un archivo DLL troyanizado."
    }
  ],
  "id": "CVE-2011-2764",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-08-04T02:45:32.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/45540"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8324"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.icculus.org/quake3?view=rev\u0026revision=2098"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/48915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201706-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2011-07/0338.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/45540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://svn.icculus.org/quake3?view=rev\u0026revision=2098"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/519051/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/48915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=725951"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201706-23"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

