{"id": "SECURITYVULNS:DOC:26764", "bulletinFamily": "software", "title": "Two security issues fixed in ioQuake3 engine", "description": "Hello,\r\n\r\nQuake 3 is a popular online first person shooter developed by IDsoftware [1] \r\nthat has been released in 1999 and is still widely played.\r\nAfter the release of the source code under the GPL, the ioQuake3 project [2]\r\nwas started that is dedicated to maintaining the existing codebase.\r\n\r\nSeveral game projects are using a modified version of the ioQuake3 engine.\r\nSome of these projects are:\r\n\r\n - World of Padman [3]\r\n - Smokin' Guns [4]\r\n - OpenArena [5]\r\n - Tremulous [6]\r\n\r\n========================================\r\nIssue #1:\r\n\r\nRemote shell injection vulnerability on connecting clients\r\n========================================\r\n\r\nThis bug has been discovered by /dev/humancontroller. Parts of the\r\ndescription here are also by him.\r\n\r\n * details\r\n\r\nIf an ioQuake3 client for UNIX-like systems connects to a malicious id Tech\r\n3 (Point Release 1.32 compatible) server, the server can force execution of\r\narbitrary shell commands on the client's system.\r\n\r\n * CVE\r\n\r\nCVE-2011-1412 has been assigned for this issue.\r\n\r\n * severity\r\n\r\nhigh\r\n\r\n * affected OS\r\n\r\nAll UNIXoid systems, except MacOSX:\r\n - Linux\r\n - FreeBSD\r\n - NetBSD\r\n - [...]\r\n\r\nNot affected:\r\n - Windows\r\n - MacOSX\r\n\r\n * games affected\r\n\r\n - IoQuake3 after revision 1773 and before 2097\r\n - World of Padman 1.5.1\r\n - OpenArena packaged by some Linux distributors\r\n\r\nOther game engines based on the ioQuake3 codebase, that have merged ioQuake3\r\nrevision 1773, but not 2097, are also vulnerable.\r\n\r\n * workaround\r\n\r\nNo workaround.\r\n\r\n * proof of concept\r\n\r\nLaunch an ioQuake3 game server. Set the fs_game cvar to "`echo\r\nTROLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLO\r\n> trollme.txt`". Connect to the server with a recent ioQuake3 client for\r\nUNIX-like systems. The client should (after failing to create a directory\r\nwith an overly long name) execute a shell command to write a file.\r\n\r\n * patches\r\n\r\nSeveral distributors have already been contacted and have prepared patches\r\nfor their distributions.\r\nA sourcecode patch can be got here:\r\n\r\n http://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff\r\n\r\n========================================\r\nIssue #2:\r\n\r\nMalicious gamecode can Execute arbitrary code outside of\r\nQ3 Virtual Machine context\r\n========================================\r\n\r\nThis bug has been discovered by /dev/humancontroller.\r\n\r\n * details\r\n\r\nThe Quake3 engine uses game-specific code that is provided in a platform\r\nindependent bytecode format. This code has restricted access to\r\nfunctionality provided by the engine. It should not be allowed access to\r\ndata outside the VM context.\r\nOver the course of gameplay, the quake3 engine may dynamically load DLL\r\nfiles in certain configurations. For instance, if vm_ui is set to "0" quake3\r\ntries to open a DLL file to load the game logic behind the user interface.\r\n\r\nPart of the functionality offered to VM logic is the possibility to write to\r\nfiles within the quake3 directory. By writing a malicious DLL file, a\r\nprogram residing in the VM could trigger the execution of code outside the VM\r\ncontext.\r\nTo prevent this from happening, ioquake3 introduced a file extension check\r\nin r1499 which denied writing files with certain names. However, this check\r\nwas broken and corrected in r2098 only.\r\n\r\nThis security issue has been around for a long time even in the original\r\nquake3 engine and is not limited to ioquake3.\r\nIt affects a wide range of commercial games as well. It is only exploitable\r\nif a user installs 3rd party addons from untrusted sources.\r\nQuake3 was never really designed to be secure against malicious 3rd party\r\ncontent, and probably isn't even in latest revisions of ioquake3. So\r\ndownloading of untrusted content is still discouraged.\r\n\r\n * CVE\r\n\r\nCVE-2011-2764 has been assigned for this issue.\r\n\r\n * severity\r\n\r\nmedium\r\n\r\n * affected OS\r\n\r\nAll OS with dynamic linker\r\n\r\n * games affected\r\n\r\nAll games using the quake3 engine\r\n\r\n * workaround\r\n\r\nDon't download and install untrusted addons. Set cl_allowdownload to 0\r\n\r\n * patches\r\n\r\nSeveral distributors have already been contacted and have prepared patches\r\nfor their distributions.\r\nA sourcecode patch can be got here:\r\n\r\n http://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff\r\n\r\n========================================\r\nAcknowledgements\r\n========================================\r\n\r\nThanks to...\r\n\r\n... /dev/humancontroller for reporting these bugs\r\n\r\n... Simon McVittie for helping to coordinate the disclosure of this bug\r\n\r\n========================================\r\nReferences\r\n========================================\r\n\r\n[1] http://www.idsoftware.com\r\n[2] http://www.ioquake3.org\r\n[3] http://www.worldofpadman.com\r\n[4] http://www.smokin-guns.net/\r\n[5] http://www.openarena.ws\r\n[6] http://www.tremulous.net\r\n\r\n-- \r\nThilo Schulz", "published": "2011-08-01T00:00:00", "modified": "2011-08-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:26764", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:41", "edition": 1, "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:10:41", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2764", "CVE-2011-1412"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310863404", "OPENVAS:1361412562310863403", "OPENVAS:1361412562310863408", "OPENVAS:863409", "OPENVAS:863403", "OPENVAS:863404", "OPENVAS:863909", "OPENVAS:863851", "OPENVAS:863408", "OPENVAS:1361412562310863409"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11824"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:103532"]}, {"type": "nessus", "idList": ["FEDORA_2012-2419.NASL", "FEDORA_2011-9898.NASL", "FEDORA_2012-2238.NASL", "FEDORA_2012-2405.NASL", "GENTOO_GLSA-201706-23.NASL", "FEDORA_2011-9774.NASL", "FEDORA_2011-10039.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201706-23"]}], "modified": "2018-08-31T11:10:41", "rev": 2}, "vulnersScore": 7.5}, "affectedSoftware": []}

{"cve": [{"lastseen": "2020-12-09T19:39:08", "description": "The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file.", "edition": 5, "cvss3": {}, "published": "2011-08-04T02:45:00", "title": "CVE-2011-2764", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2764"], "modified": "2018-10-09T19:33:00", "cpe": ["cpe:/a:tremulous:tremulous:*", "cpe:/a:urbanterror:iourbanterror:*", "cpe:/a:smokin-guns:smokin\\'_guns:*", "cpe:/a:openarena:openarena:*", "cpe:/a:ioquake3:ioquake3_engine:1.36", "cpe:/a:worldofpadman:world_of_padman:*"], "id": "CVE-2011-2764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2764", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ioquake3:ioquake3_engine:1.36:*:*:*:*:*:*:*", "cpe:2.3:a:openarena:openarena:*:*:*:*:*:*:*:*", "cpe:2.3:a:urbanterror:iourbanterror:*:*:*:*:*:*:*:*", "cpe:2.3:a:ioquake3:ioquake3_engine:1.36:rc1:*:*:*:*:*:*", "cpe:2.3:a:worldofpadman:world_of_padman:*:*:*:*:*:*:*:*", "cpe:2.3:a:smokin-guns:smokin\\'_guns:*:*:*:*:*:*:*:*", "cpe:2.3:a:tremulous:tremulous:*:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:39:26", "description": "sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable.", "edition": 3, "cvss3": {}, "published": "2011-08-04T02:45:00", "title": "CVE-2011-1412", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-1412"], "modified": "2018-10-09T19:30:00", "cpe": ["cpe:/a:worldofpadman:world_of_padman:1.5", "cpe:/a:openarena:openarena:0.8.x-16", "cpe:/a:openarena:openarena:0.8.x-15", "cpe:/a:ioquake3:ioquake3_engine:*"], "id": "CVE-2011-1412", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1412", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:worldofpadman:world_of_padman:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:ioquake3:ioquake3_engine:*:*:*:*:*:*:*:*", "cpe:2.3:a:openarena:openarena:0.8.x-16:*:*:*:*:*:*:*", "cpe:2.3:a:openarena:openarena:0.8.x-15:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:21:50", "description": "", "published": "2011-07-29T00:00:00", "type": "packetstorm", "title": "Quake 3 Shell Injection / Code Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "modified": "2011-07-29T00:00:00", "id": "PACKETSTORM:103532", "href": "https://packetstormsecurity.com/files/103532/Quake-3-Shell-Injection-Code-Execution.html", "sourceData": "`Hello, \n \nQuake 3 is a popular online first person shooter developed by IDsoftware [1] \nthat has been released in 1999 and is still widely played. \nAfter the release of the source code under the GPL, the ioQuake3 project [2] \nwas started that is dedicated to maintaining the existing codebase. \n \nSeveral game projects are using a modified version of the ioQuake3 engine. \nSome of these projects are: \n \n- World of Padman [3] \n- Smokin' Guns [4] \n- OpenArena [5] \n- Tremulous [6] \n \n======================================== \nIssue #1: \n \nRemote shell injection vulnerability on connecting clients \n======================================== \n \nThis bug has been discovered by /dev/humancontroller. Parts of the \ndescription here are also by him. \n \n* details \n \nIf an ioQuake3 client for UNIX-like systems connects to a malicious id Tech \n3 (Point Release 1.32 compatible) server, the server can force execution of \narbitrary shell commands on the client's system. \n \n* CVE \n \nCVE-2011-1412 has been assigned for this issue. \n \n* severity \n \nhigh \n \n* affected OS \n \nAll UNIXoid systems, except MacOSX: \n- Linux \n- FreeBSD \n- NetBSD \n- [...] \n \nNot affected: \n- Windows \n- MacOSX \n \n* games affected \n \n- IoQuake3 after revision 1773 and before 2097 \n- World of Padman 1.5.1 \n- OpenArena packaged by some Linux distributors \n \nOther game engines based on the ioQuake3 codebase, that have merged ioQuake3 \nrevision 1773, but not 2097, are also vulnerable. \n \n* workaround \n \nNo workaround. \n \n* proof of concept \n \nLaunch an ioQuake3 game server. Set the fs_game cvar to \"`echo \nTROLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLOLO \n> trollme.txt`\". Connect to the server with a recent ioQuake3 client for \nUNIX-like systems. The client should (after failing to create a directory \nwith an overly long name) execute a shell command to write a file. \n \n* patches \n \nSeveral distributors have already been contacted and have prepared patches \nfor their distributions. \nA sourcecode patch can be got here: \n \nhttp://thilo.tjps.eu/download/patches/ioq3-svn-r2097.diff \n \n======================================== \nIssue #2: \n \nMalicious gamecode can Execute arbitrary code outside of \nQ3 Virtual Machine context \n======================================== \n \nThis bug has been discovered by /dev/humancontroller. \n \n* details \n \nThe Quake3 engine uses game-specific code that is provided in a platform \nindependent bytecode format. This code has restricted access to \nfunctionality provided by the engine. It should not be allowed access to \ndata outside the VM context. \nOver the course of gameplay, the quake3 engine may dynamically load DLL \nfiles in certain configurations. For instance, if vm_ui is set to \"0\" quake3 \ntries to open a DLL file to load the game logic behind the user interface. \n \nPart of the functionality offered to VM logic is the possibility to write to \nfiles within the quake3 directory. By writing a malicious DLL file, a \nprogram residing in the VM could trigger the execution of code outside the VM \ncontext. \nTo prevent this from happening, ioquake3 introduced a file extension check \nin r1499 which denied writing files with certain names. However, this check \nwas broken and corrected in r2098 only. \n \nThis security issue has been around for a long time even in the original \nquake3 engine and is not limited to ioquake3. \nIt affects a wide range of commercial games as well. It is only exploitable \nif a user installs 3rd party addons from untrusted sources. \nQuake3 was never really designed to be secure against malicious 3rd party \ncontent, and probably isn't even in latest revisions of ioquake3. So \ndownloading of untrusted content is still discouraged. \n \n* CVE \n \nCVE-2011-2764 has been assigned for this issue. \n \n* severity \n \nmedium \n \n* affected OS \n \nAll OS with dynamic linker \n \n* games affected \n \nAll games using the quake3 engine \n \n* workaround \n \nDon't download and install untrusted addons. Set cl_allowdownload to 0 \n \n* patches \n \nSeveral distributors have already been contacted and have prepared patches \nfor their distributions. \nA sourcecode patch can be got here: \n \nhttp://thilo.tjps.eu/download/patches/ioq3-svn-r2098.diff \n \n======================================== \nAcknowledgements \n======================================== \n \nThanks to... \n \n... /dev/humancontroller for reporting these bugs \n \n... Simon McVittie for helping to coordinate the disclosure of this bug \n \n======================================== \nReferences \n======================================== \n \n[1] http://www.idsoftware.com \n[2] http://www.ioquake3.org \n[3] http://www.worldofpadman.com \n[4] http://www.smokin-guns.net/ \n[5] http://www.openarena.ws \n[6] http://www.tremulous.net \n \n-- \nThilo Schulz \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/103532/quake3-exec.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "Shell characters vulnerability, code execution.", "edition": 1, "modified": "2011-08-01T00:00:00", "published": "2011-08-01T00:00:00", "id": "SECURITYVULNS:VULN:11824", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11824", "title": "ioQuake3 game engine security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-25T10:55:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "Check for the Version of openarena", "modified": "2017-07-10T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:863408", "href": "http://plugins.openvas.org/nasl.php?oid=863408", "type": "openvas", "title": "Fedora Update for openarena FEDORA-2011-9898", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openarena FEDORA-2011-9898\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openarena on Fedora 14\";\ntag_insight = \"OpenArena is an open-source content package for Quake III Arena licensed under\n the GPL, effectively creating a free stand-alone game.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063461.html\");\n script_id(863408);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9898\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for openarena FEDORA-2011-9898\");\n\n script_summary(\"Check for the Version of openarena\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openarena\", rpm:\"openarena~0.8.5~4.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:55:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "Check for the Version of openarena", "modified": "2017-07-10T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:863409", "href": "http://plugins.openvas.org/nasl.php?oid=863409", "type": "openvas", "title": "Fedora Update for openarena FEDORA-2011-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openarena FEDORA-2011-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openarena on Fedora 15\";\ntag_insight = \"OpenArena is an open-source content package for Quake III Arena licensed under\n the GPL, effectively creating a free stand-alone game.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063478.html\");\n script_id(863409);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9774\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for openarena FEDORA-2011-9774\");\n\n script_summary(\"Check for the Version of openarena\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openarena\", rpm:\"openarena~0.8.5~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863403", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863403", "type": "openvas", "title": "Fedora Update for quake3 FEDORA-2011-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quake3 FEDORA-2011-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063479.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863403\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-9774\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for quake3 FEDORA-2011-9774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quake3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"quake3 on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"quake3\", rpm:\"quake3~1.36~11.svn2102.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "Check for the Version of quake3", "modified": "2017-07-10T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:863404", "href": "http://plugins.openvas.org/nasl.php?oid=863404", "type": "openvas", "title": "Fedora Update for quake3 FEDORA-2011-9898", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quake3 FEDORA-2011-9898\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the enhanced opensource ioquake3 version of the Quake 3\n Arena engine. This engine can be used to play a number of games based on this\n engine, below is an (incomplete list):\n\n * OpenArena, Free, Open Source Quake3 like game, recommended!\n (packagename: openarena)\n \n * Urban Terror, gratis, but not Open Source FPS best be described as a\n Hollywood tactical shooter, a downloader and installer including an\n application menu entry is available in the urbanterror package.\n \n * World of Padman, gratis, but not Open Source Comic FPS, a downloader and\n installer including an application menu entry is available in the\n worldofpadman package.\n \n * Quake3 Arena, the original! A downloader and installer for the gratis, but\n not Open Source demo, including an application menu entry is available in\n the quake3-demo package.\n \n If you own a copy of quake 3, you will need to copy pak0.pk3 from the\n original CD-ROM and your q3key to /usr/share/quake3/baseq3 or ~/.q3a/baseq3.\n Also copy the pak?.pk3 files from the original 1.32 Quake 3 Arena point\n release there if you have them available or run quake3-update to download\n them for you.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"quake3 on Fedora 14\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html\");\n script_id(863404);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9898\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for quake3 FEDORA-2011-9898\");\n\n script_summary(\"Check for the Version of quake3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"quake3\", rpm:\"quake3~1.36~11.svn2102.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863409", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863409", "type": "openvas", "title": "Fedora Update for openarena FEDORA-2011-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openarena FEDORA-2011-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063478.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863409\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-9774\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for openarena FEDORA-2011-9774\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openarena'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"openarena on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"openarena\", rpm:\"openarena~0.8.5~4.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863404", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863404", "type": "openvas", "title": "Fedora Update for quake3 FEDORA-2011-9898", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quake3 FEDORA-2011-9898\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863404\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-9898\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for quake3 FEDORA-2011-9898\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quake3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"quake3 on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"quake3\", rpm:\"quake3~1.36~11.svn2102.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:42", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:1361412562310863408", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863408", "type": "openvas", "title": "Fedora Update for openarena FEDORA-2011-9898", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openarena FEDORA-2011-9898\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063461.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863408\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-9898\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for openarena FEDORA-2011-9898\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'openarena'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC14\");\n script_tag(name:\"affected\", value:\"openarena on Fedora 14\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"openarena\", rpm:\"openarena~0.8.5~4.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-25T10:55:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "Check for the Version of quake3", "modified": "2017-07-10T00:00:00", "published": "2011-08-12T00:00:00", "id": "OPENVAS:863403", "href": "http://plugins.openvas.org/nasl.php?oid=863403", "type": "openvas", "title": "Fedora Update for quake3 FEDORA-2011-9774", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quake3 FEDORA-2011-9774\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"This package contains the enhanced opensource ioquake3 version of the Quake 3\n Arena engine. This engine can be used to play a number of games based on this\n engine, below is an (incomplete list):\n\n * OpenArena, Free, Open Source Quake3 like game, recommended!\n (packagename: openarena)\n \n * Urban Terror, gratis, but not Open Source FPS best be described as a\n Hollywood tactical shooter, a downloader and installer including an\n application menu entry is available in the urbanterror package.\n \n * World of Padman, gratis, but not Open Source Comic FPS, a downloader and\n installer including an application menu entry is available in the\n worldofpadman package.\n \n * Quake3 Arena, the original! A downloader and installer for the gratis, but\n not Open Source demo, including an application menu entry is available in\n the quake3-demo package.\n \n If you own a copy of quake 3, you will need to copy pak0.pk3 from the\n original CD-ROM and your q3key to /usr/share/quake3/baseq3 or ~/.q3a/baseq3.\n Also copy the pak?.pk3 files from the original 1.32 Quake 3 Arena point\n release there if you have them available or run quake3-update to download\n them for you.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\ntag_affected = \"quake3 on Fedora 15\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063479.html\");\n script_id(863403);\n script_version(\"$Revision: 6626 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:30:10 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-08-12 15:49:01 +0200 (Fri, 12 Aug 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-9774\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_name(\"Fedora Update for quake3 FEDORA-2011-9774\");\n\n script_summary(\"Check for the Version of quake3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"quake3\", rpm:\"quake3~1.36~11.svn2102.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-01-02T10:57:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3012", "CVE-2011-1412", "CVE-2011-2764"], "description": "Check for the Version of openarena", "modified": "2017-12-29T00:00:00", "published": "2012-03-19T00:00:00", "id": "OPENVAS:863851", "href": "http://plugins.openvas.org/nasl.php?oid=863851", "type": "openvas", "title": "Fedora Update for openarena FEDORA-2011-10039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for openarena FEDORA-2011-10039\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"openarena on Fedora 16\";\ntag_insight = \"OpenArena is an open-source content package for Quake III Arena licensed under\n the GPL, effectively creating a free stand-alone game.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064621.html\");\n script_id(863851);\n script_version(\"$Revision: 8257 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-29 07:29:46 +0100 (Fri, 29 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-03-19 12:25:34 +0530 (Mon, 19 Mar 2012)\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\", \"CVE-2011-3012\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"FEDORA\", value: \"2011-10039\");\n script_name(\"Fedora Update for openarena FEDORA-2011-10039\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of openarena\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"openarena\", rpm:\"openarena~0.8.5~4.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3012", "CVE-2011-1412", "CVE-2011-2764"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-04-02T00:00:00", "id": "OPENVAS:1361412562310863909", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310863909", "type": "openvas", "title": "Fedora Update for quake3 FEDORA-2011-10039", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for quake3 FEDORA-2011-10039\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064622.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.863909\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-02 12:33:27 +0530 (Mon, 02 Apr 2012)\");\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\", \"CVE-2011-3012\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"FEDORA\", value:\"2011-10039\");\n script_name(\"Fedora Update for quake3 FEDORA-2011-10039\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'quake3'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"quake3 on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"quake3\", rpm:\"quake3~1.36~11.svn2102.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-12T10:09:48", "description": " - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-08-09T00:00:00", "title": "Fedora 15 : openarena-0.8.5-4.fc15 / quake3-1.36-11.svn2102.fc15 (2011-9774)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "modified": "2011-08-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quake3", "p-cpe:/a:fedoraproject:fedora:openarena", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2011-9774.NASL", "href": "https://www.tenable.com/plugins/nessus/55777", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9774.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55777);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_xref(name:\"FEDORA\", value:\"2011-9774\");\n\n script_name(english:\"Fedora 15 : openarena-0.8.5-4.fc15 / quake3-1.36-11.svn2102.fc15 (2011-9774)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725951\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063478.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7c9d8ea4\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063479.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c13ac77\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openarena and / or quake3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openarena\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quake3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"openarena-0.8.5-4.fc15\")) flag++;\nif (rpm_check(release:\"FC15\", reference:\"quake3-1.36-11.svn2102.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openarena / quake3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:48", "description": " - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2011-08-09T00:00:00", "title": "Fedora 14 : openarena-0.8.5-4.fc14 / quake3-1.36-11.svn2102.fc14 (2011-9898)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "modified": "2011-08-09T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quake3", "cpe:/o:fedoraproject:fedora:14", "p-cpe:/a:fedoraproject:fedora:openarena"], "id": "FEDORA_2011-9898.NASL", "href": "https://www.tenable.com/plugins/nessus/55783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-9898.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55783);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\");\n script_xref(name:\"FEDORA\", value:\"2011-9898\");\n\n script_name(english:\"Fedora 14 : openarena-0.8.5-4.fc14 / quake3-1.36-11.svn2102.fc14 (2011-9898)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725951\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063460.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7041a511\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/063461.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f77777a2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openarena and / or quake3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openarena\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quake3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/07/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"openarena-0.8.5-4.fc14\")) flag++;\nif (rpm_check(release:\"FC14\", reference:\"quake3-1.36-11.svn2102.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openarena / quake3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:02", "description": " - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "published": "2011-08-29T00:00:00", "title": "Fedora 16 : openarena-0.8.5-4.fc16 / quake3-1.36-11.svn2102.fc16 (2011-10039)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3012", "CVE-2011-1412", "CVE-2011-2764"], "modified": "2011-08-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:quake3", "p-cpe:/a:fedoraproject:fedora:openarena", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2011-10039.NASL", "href": "https://www.tenable.com/plugins/nessus/55984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-10039.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(55984);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\", \"CVE-2011-3012\");\n script_bugtraq_id(48915);\n script_xref(name:\"FEDORA\", value:\"2011-10039\");\n\n script_name(english:\"Fedora 16 : openarena-0.8.5-4.fc16 / quake3-1.36-11.svn2102.fc16 (2011-10039)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Update to 1.36 svn snapshot r2102\n\n - This fixes 2 security issues where a malicious server\n could execute arbitrary code on connecting clients\n (rhbz#725951) :\n\n - CVE-2011-1412: Execute arbitrary shell commands on\n connecting clients\n\n - CVE-2011-2764: Arbitrary code execution when\n native-code DLLs are enabled\n\n - Update the autodownload + launch script for\n UrbanTerror to 4.1.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=725951\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064621.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9820d608\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-August/064622.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65062714\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openarena and / or quake3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:openarena\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:quake3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/08/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/08/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"openarena-0.8.5-4.fc16\")) flag++;\nif (rpm_check(release:\"FC16\", reference:\"quake3-1.36-11.svn2102.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openarena / quake3\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T11:06:08", "description": "The remote host is affected by the vulnerability described in GLSA-201706-23\n(Urban Terror: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Urban Terror. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to connect to a malicious server\n or leverage Man-in-the-Middle attacks to cause the execution of arbitrary\n code with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 23, "published": "2017-06-23T00:00:00", "title": "GLSA-201706-23 : Urban Terror: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-3012", "CVE-2012-3345", "CVE-2011-1412", "CVE-2011-2764"], "modified": "2017-06-23T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:urbanterror"], "id": "GENTOO_GLSA-201706-23.NASL", "href": "https://www.tenable.com/plugins/nessus/101018", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201706-23.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101018);\n script_version(\"3.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2011-1412\", \"CVE-2011-2764\", \"CVE-2011-3012\", \"CVE-2012-3345\");\n script_xref(name:\"GLSA\", value:\"201706-23\");\n\n script_name(english:\"GLSA-201706-23 : Urban Terror: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201706-23\n(Urban Terror: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Urban Terror. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to connect to a malicious server\n or leverage Man-in-the-Middle attacks to cause the execution of arbitrary\n code with the privileges of the process or a Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201706-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Urban Terror users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=games-fps/urbanterror-4.3.2_p20170426'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:urbanterror\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"games-fps/urbanterror\", unaffected:make_list(\"ge 4.3.2_p20170426\"), vulnerable:make_list(\"lt 4.3.2_p20170426\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Urban Terror\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:10:24", "description": "Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-03-08T00:00:00", "title": "Fedora 16 : tremulous-1.2.0-0.4.beta1.fc16 (2012-2419)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2764"], "modified": "2012-03-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tremulous", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/58280", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2419.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58280);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48915);\n script_xref(name:\"FEDORA\", value:\"2012-2419\");\n\n script_name(english:\"Fedora 16 : tremulous-1.2.0-0.4.beta1.fc16 (2012-2419)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=796362\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074740.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fb09c498\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tremulous package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tremulous\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"tremulous-1.2.0-0.4.beta1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tremulous\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:23", "description": "Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-02-29T00:00:00", "title": "Fedora 17 : tremulous-1.2.0-0.4.beta1.fc17 (2012-2238)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2764"], "modified": "2012-02-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tremulous", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-2238.NASL", "href": "https://www.tenable.com/plugins/nessus/58159", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2238.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58159);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48915);\n script_xref(name:\"FEDORA\", value:\"2012-2238\");\n\n script_name(english:\"Fedora 17 : tremulous-1.2.0-0.4.beta1.fc17 (2012-2238)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=796362\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-February/074030.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?544a87fa\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tremulous package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tremulous\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"tremulous-1.2.0-0.4.beta1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tremulous\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-12T10:10:24", "description": "Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "published": "2012-03-08T00:00:00", "title": "Fedora 15 : tremulous-1.2.0-0.4.beta1.fc15 (2012-2405)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2764"], "modified": "2012-03-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:tremulous", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-2405.NASL", "href": "https://www.tenable.com/plugins/nessus/58279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-2405.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58279);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_bugtraq_id(48915);\n script_xref(name:\"FEDORA\", value:\"2012-2405\");\n\n script_name(english:\"Fedora 15 : tremulous-1.2.0-0.4.beta1.fc15 (2012-2405)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fixes CVE-2011-2764\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=796362\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-March/074738.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e8bb626a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected tremulous package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:tremulous\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"tremulous-1.2.0-0.4.beta1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"tremulous\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "This package contains the enhanced opensource ioquake3 version of the Quake 3 Arena engine. This engine can be used to play a number of games based on th is engine, below is an (incomplete list): * OpenArena, Free, Open Source Quake3 like game, recommended! (packagename: openarena) * Urban Terror, gratis, but not Open Source FPS best be described as a Hollywood tactical shooter, a downloader and installer including an application menu entry is available in the urbanterror package. * World of Padman, gratis, but not Open Source Comic FPS, a downloader and installer including an application menu entry is available in the worldofpadman package. * Quake3 Arena, the original! A downloader and installer for the gratis, but not Open Source demo, including an application menu entry is available in the quake3-demo package. If you own a copy of quake 3, you will need to copy pak0.pk3 from the original CD-ROM and your q3key to /usr/share/quake3/baseq3 or ~/.q3a/base q3. Also copy the pak?.pk3 files from the original 1.32 Quake 3 Arena point release there if you have them available or run quake3-update to download them for you. ", "modified": "2011-08-09T01:22:03", "published": "2011-08-09T01:22:03", "id": "FEDORA:043901108A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: quake3-1.36-11.svn2102.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "OpenArena is an open-source content package for Quake III Arena licensed un der the GPL, effectively creating a free stand-alone game. ", "modified": "2011-08-09T01:26:27", "published": "2011-08-09T01:26:27", "id": "FEDORA:581281108A5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: openarena-0.8.5-4.fc15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "This package contains the enhanced opensource ioquake3 version of the Quake 3 Arena engine. This engine can be used to play a number of games based on th is engine, below is an (incomplete list): * OpenArena, Free, Open Source Quake3 like game, recommended! (packagename: openarena) * Urban Terror, gratis, but not Open Source FPS best be described as a Hollywood tactical shooter, a downloader and installer including an application menu entry is available in the urbanterror package. * World of Padman, gratis, but not Open Source Comic FPS, a downloader and installer including an application menu entry is available in the worldofpadman package. * Quake3 Arena, the original! A downloader and installer for the gratis, but not Open Source demo, including an application menu entry is available in the quake3-demo package. If you own a copy of quake 3, you will need to copy pak0.pk3 from the original CD-ROM and your q3key to /usr/share/quake3/baseq3 or ~/.q3a/base q3. Also copy the pak?.pk3 files from the original 1.32 Quake 3 Arena point release there if you have them available or run quake3-update to download them for you. ", "modified": "2011-08-09T01:26:27", "published": "2011-08-09T01:26:27", "id": "FEDORA:5D6E6110BEC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: quake3-1.36-11.svn2102.fc15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764"], "description": "OpenArena is an open-source content package for Quake III Arena licensed un der the GPL, effectively creating a free stand-alone game. ", "modified": "2011-08-09T01:22:03", "published": "2011-08-09T01:22:03", "id": "FEDORA:08752110A1E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: openarena-0.8.5-4.fc14", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764", "CVE-2011-3012"], "description": "OpenArena is an open-source content package for Quake III Arena licensed un der the GPL, effectively creating a free stand-alone game. ", "modified": "2011-08-28T05:24:36", "published": "2011-08-28T05:24:36", "id": "FEDORA:49E6D10F7FA", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: openarena-0.8.5-4.fc16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-1412", "CVE-2011-2764", "CVE-2011-3012"], "description": "This package contains the enhanced opensource ioquake3 version of the Quake 3 Arena engine. This engine can be used to play a number of games based on th is engine, below is an (incomplete list): * OpenArena, Free, Open Source Quake3 like game, recommended! (packagename: openarena) * Urban Terror, gratis, but not Open Source FPS best be described as a Hollywood tactical shooter, a downloader and installer including an application menu entry is available in the urbanterror package. * World of Padman, gratis, but not Open Source Comic FPS, a downloader and installer including an application menu entry is available in the worldofpadman package. * Quake3 Arena, the original! A downloader and installer for the gratis, but not Open Source demo, including an application menu entry is available in the quake3-demo package. If you own a copy of quake 3, you will need to copy pak0.pk3 from the original CD-ROM and your q3key to /usr/share/quake3/baseq3 or ~/.q3a/base q3. Also copy the pak?.pk3 files from the original 1.32 Quake 3 Arena point release there if you have them available or run quake3-update to download them for you. ", "modified": "2011-08-28T05:24:36", "published": "2011-08-28T05:24:36", "id": "FEDORA:55ADD110960", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: quake3-1.36-11.svn2102.fc16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2764"], "description": "Tremulous is a free, open source game that blends a team based FPS with ele ments of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being spawning. The designated builders must ensure there are spawn structures or other pla yers will not be able to rejoin the game after death. Other structures provide automated base defense (to some degree), healing functions and much more... Player advancement is different depending on which team you are on. As a human, players are rewarded with credits for each alien kill. These credits may be used to purchase new weapons and upgrades from the Arm oury The alien team advances quite differently. Upon killing a human foe, the alien is able to evolve into a new class. The more kills gained the more powerful the classes available. The overall objective behind Tremulous is to eliminate the opposing team. This is achieved by not only killing the opposing players but also removing their ability to respawn by destroying their spawn structures. ", "modified": "2012-02-28T10:58:37", "published": "2012-02-28T10:58:37", "id": "FEDORA:5406621F5F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: tremulous-1.2.0-0.4.beta1.fc17", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2764", "CVE-2011-3012"], "description": "Tremulous is a free, open source game that blends a team based FPS with ele ments of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being spawning. The designated builders must ensure there are spawn structures or other pla yers will not be able to rejoin the game after death. Other structures provide automated base defense (to some degree), healing functions and much more... Player advancement is different depending on which team you are on. As a human, players are rewarded with credits for each alien kill. These credits may be used to purchase new weapons and upgrades from the Arm oury The alien team advances quite differently. Upon killing a human foe, the alien is able to evolve into a new class. The more kills gained the more powerful the classes available. The overall objective behind Tremulous is to eliminate the opposing team. This is achieved by not only killing the opposing players but also removing their ability to respawn by destroying their spawn structures. ", "modified": "2012-03-08T04:57:53", "published": "2012-03-08T04:57:53", "id": "FEDORA:EBC7B21032", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: tremulous-1.2.0-0.4.beta1.fc15", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2764", "CVE-2011-3012"], "description": "Tremulous is a free, open source game that blends a team based FPS with ele ments of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being spawning. The designated builders must ensure there are spawn structures or other pla yers will not be able to rejoin the game after death. Other structures provide automated base defense (to some degree), healing functions and much more... Player advancement is different depending on which team you are on. As a human, players are rewarded with credits for each alien kill. These credits may be used to purchase new weapons and upgrades from the Arm oury The alien team advances quite differently. Upon killing a human foe, the alien is able to evolve into a new class. The more kills gained the more powerful the classes available. The overall objective behind Tremulous is to eliminate the opposing team. This is achieved by not only killing the opposing players but also removing their ability to respawn by destroying their spawn structures. ", "modified": "2012-03-08T04:58:12", "published": "2012-03-08T04:58:12", "id": "FEDORA:C721F211D2", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tremulous-1.2.0-0.4.beta1.fc16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-5077", "CVE-2011-2764", "CVE-2011-3012"], "description": "Tremulous is a free, open source game that blends a team based FPS with ele ments of an RTS. Players can choose from 2 unique races, aliens and humans. Players on both teams are able to build working structures in-game like an RTS. These structures provide many functions, the most important being spawning. The designated builders must ensure there are spawn structures or other pla yers will not be able to rejoin the game after death. Other structures provide automated base defense (to some degree), healing functions and much more... Player advancement is different depending on which team you are on. As a human, players are rewarded with credits for each alien kill. These credits may be used to purchase new weapons and upgrades from the Arm oury The alien team advances quite differently. Upon killing a human foe, the alien is able to evolve into a new class. The more kills gained the more powerful the classes available. The overall objective behind Tremulous is to eliminate the opposing team. This is achieved by not only killing the opposing players but also removing their ability to respawn by destroying their spawn structures. ", "modified": "2012-04-18T19:24:51", "published": "2012-04-18T19:24:51", "id": "FEDORA:AEE6F20A02", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: tremulous-1.2.0-0.5.beta1.fc16", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2017-06-22T22:15:16", "bulletinFamily": "unix", "cvelist": ["CVE-2011-3012", "CVE-2012-3345", "CVE-2011-1412", "CVE-2011-2764"], "description": "### Background\n\nUrban Terror is a free multiplayer first person shooter developed by FrozenSand, that will run on any Quake III Arena compatible engine. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Urban Terror. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to connect to a malicious server or leverage Man-in-the-Middle attacks to cause the execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Urban Terror users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=games-fps/urbanterror-4.3.2_p20170426\"", "edition": 1, "modified": "2017-06-22T00:00:00", "published": "2017-06-22T00:00:00", "href": "https://security.gentoo.org/glsa/201706-23", "id": "GLSA-201706-23", "title": "Urban Terror: Multiple vulnerabilities", "type": "gentoo", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}