Bug#684143: redeclipse: security issues with transmitted map cfgs

Martin Erik Werner martinerikwerner at gmail.com
Tue Aug 7 12:53:31 UTC 2012


Extended description of the issue:
In cube2-engine games, game maps can be transmitted either from server
to client or from client to client. This includes a config file
(mapname.cfg) in "cubescript" format, which makes it possible
for an attacker to send a malign script via a new map (which must be
chosen by an admin on a server, or created in cooperative editing mode). A
script like this could trivially read/write any files which the user
running the client has access to (it is executed when the client loads
the map).

Patch:
The patch stops "textedit" commands from being run in map-run
scripts, thus disabling the ability to read/write to user files.

Also attached is a new patch file including this description.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: security-text-command-fix.patch
Type: text/x-patch
Size: 1346 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20120807/660de66e/attachment.bin>
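
The kind of gate the message describes, as an added example that is not the attached patch and not engine code: a toy one-command-per-line interpreter that refuses file-touching commands while a script received with a map is running, including when they are reached through a nested call. The command names, the Origin flag and the sample file name are assumptions made for illustration.

```cpp
#include <functional>
#include <map>
#include <sstream>
#include <string>
#include <vector>

enum class Origin { Local, MapCfg };   // who supplied the script text

struct Command {
    bool restricted;                                  // can reach user files
    std::function<void(const std::string&)> run;
};

struct Interp {
    std::map<std::string, Command> cmds;
    std::vector<std::string> ran, denied;
    Origin current = Origin::Local;

    Interp() {
        add("echo", false);
        add("textsave", true);    // stand-in for a file-writing editor command
        add("textload", true);    // stand-in for a file-reading editor command
        // "do" runs its argument as a script; it inherits the caller's origin.
        cmds["do"] = { false, [this](const std::string& body) { exec(body, current); } };
    }
    void add(const std::string& name, bool restricted) {
        cmds[name] = { restricted, [this, name](const std::string& arg) {
            ran.push_back(arg.empty() ? name : name + " " + arg); } };
    }
    // Runs one command per line. The origin can only tighten while nested.
    void exec(const std::string& script, Origin origin) {
        Origin saved = current;
        if (origin == Origin::MapCfg) current = Origin::MapCfg;
        std::istringstream in(script);
        std::string line;
        while (std::getline(in, line)) {
            std::istringstream ls(line);
            std::string name, arg;
            if (!(ls >> name)) continue;              // blank line
            std::getline(ls >> std::ws, arg);
            auto it = cmds.find(name);
            bool blocked = it == cmds.end() ||        // unknown command: fail closed
                (current == Origin::MapCfg && it->second.restricted);
            if (blocked) denied.push_back(name);
            else it->second.run(arg);
        }
        current = saved;
    }
};
```

Keeping the origin as interpreter state rather than a per-call argument is what makes the nested "do" case fail closed.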

