Red Hat Bugzilla – Bug 846368
redeclipse: arbitrary file disclosue flaw with transmitted map cfg scripts
Last modified: 2012-08-25 12:05:58 EDT
A flaw was found in the way Red Eclipse handled config files. In cube2-engine games, game maps can be transmitted either from the server to a client, or from client to client. These maps include a config file (mapname.cfg) in "cubescript" format, which allows for an attacker to send a malicious script via a new map. This map must either be chosen by an administrator on the server, or created in co-operative editing mode. A malicious script could then be used to read or write to any files that the user running the client has access to when the victim loads a map with the malicious configuration file.
This has been corrected upstream:
Created redeclipse tracking bugs for this issue
Affects: fedora-17 [bug 846372]
redeclipse-1.2-12.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.