430868 – games-fps/redeclipse-1.2: security issues with transmitted map cfgs

Bug 430868 - games-fps/redeclipse-1.2: security issues with transmitted map cfgs

Summary: games-fps/redeclipse-1.2: security issues with transmitted map cfgs

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Misc (show other bugs)
Hardware:	All Linux

Importance:	Normal critical (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-08-11 03:08 UTC by Martin Erik Werner
Modified:	2012-08-12 12:37 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
File access security fix (security-text-command-fix.patch,1.31 KB, patch) 2012-08-11 03:09 UTC, Martin Erik Werner	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Martin Erik Werner 2012-08-11 03:08:24 UTC

Game maps can in cube2-engine games be transmitted either from server
to client or from client to client, which includes a config file
(mapname.cfg) which is in "cubescript" format, this makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write to any files which the user
running the client has access to (it is executed when the client loads
the map).

Patch:
The patch stops "textedit" commands being able to be run in map-run
scripts, thus disabling the ability to read/write to user files.

Reproducible: Always

Comment 1 Martin Erik Werner 2012-08-11 03:09:57 UTC

Created attachment 320962 [details, diff]
File access security fix

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2012-08-12 12:37:59 UTC

Marking INVALID: games-fps/redeclipse is not in the main tree and we don't handle packages in the gamerlay overlay.