
Bug 430868

Summary: games-fps/redeclipse-1.2: security issues with transmitted map cfgs
Product: Gentoo Security
Reporter: Martin Erik Werner <martinerikwerner>
Component: Misc
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: critical
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: File access security fix

Description Martin Erik Werner 2012-08-11 03:08:24 UTC
In cube2-engine games, game maps can be transmitted either from server
to client or from client to client. This includes a config file
(mapname.cfg) in "cubescript" format, which makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by an admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write to any files which the user
running the client has access to (it is executed when the client loads
the map).

Patch:
The patch stops "textedit" commands from being run in map-run
scripts, thus disabling the ability to read/write to user files.

Reproducible: Always
Comment 1 Martin Erik Werner 2012-08-11 03:09:57 UTC
Created attachment 320962
File access security fix
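
The attached patch is not reproduced on this page. As an added illustration (not the attachment and not Red Eclipse code), this C++ example shows the mitigation the description names: the interpreter tracks where a script came from and refuses file-access commands when the script is a transmitted map cfg. All names here (`Origin`, `Interpreter`, `textwrite`) are hypothetical, and the commands only record what would run.

```cpp
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Who supplied the script being executed.
enum class Origin { LocalUser, MapConfig };

struct Interpreter {
    // Command name -> true if the command can read or write user files.
    // Constructed command set; "textwrite" is a hypothetical stand-in for
    // a textedit-style command, "echo" for a harmless one.
    std::map<std::string, bool> fileAccess{{"echo", false}, {"textwrite", true}};
    std::vector<std::string> executed;  // commands that were allowed to run
    std::vector<std::string> denied;    // commands refused by the origin gate

    // Execute a script line by line; returns the number of refused commands.
    int execute(const std::string &script, Origin origin) {
        std::istringstream in(script);
        std::string line;
        int refused = 0;
        while (std::getline(in, line)) {
            std::istringstream words(line);
            std::string name, arg;
            if (!(words >> name)) continue;          // skip blank lines
            std::getline(words >> std::ws, arg);     // rest of line is the argument
            auto it = fileAccess.find(name);
            if (it == fileAccess.end()) continue;    // unknown command: ignore
            // The gate: a map cfg arrives from a server or another client,
            // so file-touching commands must never run from it.
            if (origin == Origin::MapConfig && it->second) {
                denied.push_back(name);
                ++refused;
                continue;
            }
            // Stand-in for real execution: record the call instead of doing I/O.
            executed.push_back(arg.empty() ? name : name + " " + arg);
        }
        return refused;
    }
};
```

The check sits in the dispatcher rather than in each command, so a file-access command added later is covered as long as it is flagged in the table.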
Comment 2 Sean Amoss (RETIRED) gentoo-dev Security 2012-08-12 12:37:59 UTC
Marking INVALID: games-fps/redeclipse is not in the main tree and we don't handle packages in the gamerlay overlay.