Gentoo Foundation: GLSA-201402-07
Feb 06, 2014 - 12:00 a.m.

Freeciv: User-assisted execution of arbitrary code

Gentoo Foundation
security.gentoo.org

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.004 Low
Percentile: 74.0%

Background

Freeciv is an open-source empire building strategy game.

Description

The Lua component of Freeciv does not restrict which modules may be loaded by scenario scripts.
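
The missing restriction described above, shown as an added example (not Freeciv's code and not its actual fix): an untrusted Lua chunk is run in an allowlisted environment, so `os`, `io`, `require` and `package` are unreachable from the script. The function names and the allowlist are assumptions chosen for illustration; the code handles both Lua 5.1 and Lua 5.2 or later.

```lua
-- Added illustration, not Freeciv's code; all names here are hypothetical.
-- Allowlist of globals exposed to untrusted scenario scripts. Deliberately
-- absent: os, io, package, require, dofile, loadfile, load, loadstring, debug.
local SAFE_NAMES = { "assert", "error", "ipairs", "next", "pairs", "pcall",
                     "select", "tonumber", "tostring", "type" }
local SAFE_LIBS = { "math", "string", "table" }

local function make_sandbox_env()
  local env = {}
  for _, name in ipairs(SAFE_NAMES) do env[name] = _G[name] end
  -- Copy each library table so scripts cannot overwrite the host's functions.
  for _, lib in ipairs(SAFE_LIBS) do
    env[lib] = {}
    for k, v in pairs(_G[lib]) do env[lib][k] = v end
  end
  env.string.dump = nil   -- no bytecode generation from inside the sandbox
  env._G = env
  return env
end

-- Compile untrusted source text and run it with the restricted environment.
-- Returns true plus the chunk's results, or false plus an error message.
local function run_untrusted(source, chunkname)
  if source:byte(1) == 27 then   -- 0x1B marks a precompiled (binary) chunk
    return false, "binary chunks are rejected"
  end
  local env, chunk, err = make_sandbox_env(), nil, nil
  if setfenv then                -- Lua 5.1
    chunk, err = loadstring(source, chunkname)
    if chunk then setfenv(chunk, env) end
  else                           -- Lua 5.2 and later
    chunk, err = load(source, chunkname, "t", env)
  end
  if not chunk then return false, err end
  return pcall(chunk)
end

-- Constructed sample script: reports which sensitive globals it can reach.
local sample = "return tostring(os), tostring(io), tostring(require)"
print(run_untrusted(sample, "=scenario"))
```

An environment allowlist only limits which functions a script can name; it does not bound CPU or memory use by the script.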

Impact

A remote attacker could entice a user to open a specially crafted scenario file, possibly resulting in execution of arbitrary code or reading of arbitrary files with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All Freeciv users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-strategy/freeciv-2.2.1"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since July 26, 2010. It is likely that your system is already no longer affected by this issue.

OS      Version  Architecture  Package                 Version  Filename
Gentoo  any      all           games-strategy/freeciv  < 2.2.1  UNKNOWN
