freeciv unauthorized access - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

freeciv unauthorized access
Published: 16.10.2010
Source: BUGTRAQ
SecurityVulns ID: 11202
Type: client
Level: 5/10
Description: It's possible to access files and execute commands via scenario.

Affected: FREECIV : freeciv 2.2
FREECIV : freeciv 2.3
CVE: CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.)

Original document MANDRIVA, [ MDVSA-2010:205 ] freeciv (16.10.2010)

Discuss: Read or add your comments to this news (0 comments)