Bug 684924 - (CVE-2011-1932, CVE-2011-4675) widelands: possible arbitrary file overwrite vulnerability
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
public=20110305,reported=20110314,sou...
: Security
Reported: 2011-03-14 16:00 EDT by Vincent Danen
Modified: 2011-12-05 06:31 EST
Doc Type: Bug Fix
Last Closed: 2011-07-04 23:57:59 EDT
Description Vincent Danen 2011-03-14 16:00:07 EDT
A Debian bug report [1] noted that a security fix was committed to widelands [2].  The commit log is quite vague, but it looks as though it might be an arbitrary file overwrite vulnerability, judging by the code changes.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
[2] http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
Comment 1 Hans de Goede 2011-04-27 13:38:54 EDT
I've prepared a rebase to Widelands "build16", which includes the fix for this; I'm going to push this as an update to all supported Fedora releases.
Comment 2 Vincent Danen 2011-04-27 13:40:34 EDT
Fantastic.  Thank you, Hans.
Comment 3 Vincent Danen 2011-07-04 23:57:59 EDT
build16 is in Fedora now, so this can be closed.
Comment 4 Jan Lieskovsky 2011-12-05 06:31:11 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-1932 to the following vulnerability:

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1932
[2] http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960

--

Common Vulnerabilities and Exposures assigned an identifier CVE-2011-4675 to the following vulnerability:

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

References:
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4675
[5] http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
[6] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
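
The two CVE descriptions above name two input classes in pathnames received from the network: dot components and a leading ~. The following is an added example, not Widelands code and not the fix from the referenced revision, showing one way to validate such a name in C++17 before it is used as a file-transfer destination. The function name `resolve_transfer_path` and the base directory are hypothetical.

```cpp
// Added example; function and directory names are hypothetical.
#include <algorithm>
#include <filesystem>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// Map a pathname received from a network peer to a location below base_dir.
// Returns std::nullopt when the name must be refused.
std::optional<fs::path> resolve_transfer_path(const fs::path& base_dir,
                                              const std::string& received) {
    if (received.empty() || received.find('\0') != std::string::npos)
        return std::nullopt;

    // Treat '\' like '/' so "..\x" is caught on every platform.
    std::string name = received;
    std::replace(name.begin(), name.end(), '\\', '/');

    // A leading '~' (the CVE-2011-4675 class) must never reach code that
    // expands it to a home directory; absolute paths are refused as well.
    if (name.front() == '~' || name.front() == '/')
        return std::nullopt;
    const fs::path rel(name);
    if (rel.is_absolute() || rel.has_root_name())
        return std::nullopt;

    // Dot components (the CVE-2011-1932 class) are refused outright
    // instead of being normalised away.
    for (const fs::path& part : rel) {
        const std::string s = part.string();
        if (s == "." || s == "..")
            return std::nullopt;
    }

    // Defence in depth: resolve symlinks in the existing part of the path
    // and confirm the result is still below the base directory.
    const fs::path base = fs::weakly_canonical(base_dir);
    const fs::path target = fs::weakly_canonical(base / rel);
    const fs::path inside = target.lexically_relative(base);
    if (inside.empty() || *inside.begin() == fs::path(".."))
        return std::nullopt;
    return target;
}
```

The final containment check only matters when a symlink inside the base directory points elsewhere; the component checks before it already refuse every name that contains `.`, `..`, a leading `~` or a leading separator.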
