CVE-2011-2764

Priority
Description
The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the
ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns,
OpenArena, Tremulous, and ioUrbanTerror, does not properly determine
dangerous file extensions, which allows remote attackers to execute
arbitrary code via a crafted third-party addon that creates a Trojan horse
DLL file.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [1.36+svn2202-1])
Trusty/esm:DNE (trusty was not-affected [1.36+u20140116+gdde36d9-1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.36+u20160122+dfsg1-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Patches:
Upstream:http://svn.icculus.org/quake3?view=rev&revision=2098
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Trusty/esm:DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 18.10 (Cosmic Cuttlefish):needed
Ubuntu 19.04 (Disco Dingo):needed
Ubuntu 19.10 (Eoan):needed
More Information

Updated: 2019-04-26 14:14:29 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)