Fedora 17 : redeclipse-1.2-12.fc17 (2012-11582)

NASLDB: Fedora 17 : redeclipse-1.2-12.fc17 (2012-11582)

General

ID: 61582
Name: Fedora 17 : redeclipse-1.2-12.fc17 (2012-11582)

Summary: Checks rpm output for the updated package

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: Fedora Local Security Checks
Type: Local

Description

A flaw was found in the way Red Eclipse handled config files. In
cube2-engine games, game maps can be transmitted either from the
server to a client, or from client to client. These maps include a
config file (mapname.cfg) in ‘cubescript’ format, which allows for an
attacker to send a malicious script via a new map. This map must
either be chosen by an administrator on the server, or created in
co-operative editing mode. A malicious script could then be used to
read or write to any files that the user running the client has access
to when the victim loads a map with the malicious configuration file.

The patch included in this update stops ‘textedit’ commands being able
to be run in map-run scripts, thus disabling the ability to read/write
to user files.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: –
Patch Release: 2012/08/09
Plugin Release: 2012/08/20

Plugin

Version: 1.2
Filename: fedora_2012-11582.nasl
Filesize: 3395 bytes
MD5 Hash: e9f997b1ef668e3786c71870e575f743

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"

Letzte Plugins

Letzte Plugins

scip AG