Bug 684924 (CVE-2011-1932, CVE-2011-4675)
| Summary: | widelands: possible arbitrary file overwrite vulnerability | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | hdegoede, jlieskov, nphilipp |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-07-05 03:57:59 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
Description
Vincent Danen
2011-03-14 20:00:07 UTC
I've prepared a rebase to Widelands "build16", which includes the fix for this, I'm going to push this as an update to all supported Fedora releases.

Fantastic. Thank you, Hans.

build16 is in Fedora now, so this can be closed.

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1932 to the following vulnerability:

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1932
[2] http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960

--

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4675 to the following vulnerability:

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

References:
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4675
[5] http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
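
Both CVE descriptions above come down to a file name from a network peer reaching the path canonicalizer unchecked. The following is an added example, not the Widelands fix and not code from this bug report: a lexical check that refuses dot components, a leading `~` and absolute paths before the name is joined under a download directory. The function name `safe_join`, the 255-byte limit and the base directory `/var/games/incoming` are assumptions made for illustration.

```cpp
// Added example: not Widelands code. All names here are hypothetical.
#include <iostream>
#include <sstream>
#include <string>

// Validate a file name received from a network peer and, if acceptable,
// join it under base_dir. Purely lexical: nothing is expanded or resolved.
bool safe_join(const std::string& base_dir, const std::string& peer_name,
               std::string& out) {
    if (peer_name.empty() || peer_name.size() > 255) return false;
    // Absolute paths and a leading '~' (home-directory expansion) are refused.
    if (peer_name[0] == '/' || peer_name[0] == '~') return false;
    if (peer_name[peer_name.size() - 1] == '/') return false;
    // Backslash separators and embedded NUL bytes are refused outright.
    if (peer_name.find('\\') != std::string::npos) return false;
    if (peer_name.find('\0') != std::string::npos) return false;

    std::istringstream parts(peer_name);
    std::string component;
    std::string joined = base_dir;
    while (std::getline(parts, component, '/')) {
        // Empty, "." and ".." components are how a name climbs out of base_dir.
        if (component.empty() || component == "." || component == "..")
            return false;
        joined += '/';
        joined += component;
    }
    out = joined;
    return true;
}

int main() {
    // Constructed sample names, as a peer might send them in a file transfer.
    const char* samples[] = {"maps/island.wmf", "../../.bashrc", "~/.bashrc",
                             "/etc/passwd", "maps/../../x", "map.v1.wmf"};
    for (const char* name : samples) {
        std::string path;
        bool ok = safe_join("/var/games/incoming", name, path);
        std::cout << name << " -> " << (ok ? path : "REJECTED") << "\n";
    }
    return 0;
}
```

The check is lexical only, so symbolic links that already exist inside the base directory are not covered by it and need a separate check at open time.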