severity 406400 important
thanks

On Thu, Jan 11, 2007 at 08:29:17PM +0100, Cyril Brulebois wrote:
> Sure. Here is a little cut & paste from #alientrap/irc.irule.net:
> <KiBi> As a member of the Debian Games Team, I'd like to get some
>        precisions about CVE-2006-6610
> <div0> ok
> <KiBi> It is stated about "remote console command injection", but I'd
>        like to know whether that means game command injection or
>        arbitrary shell commands
> <div0> anyone could inject Quake console commands...
> <div0> not shell commands
> <div0> the impact is overwriting config files in ~/.nexuiz and DoS
>        against the server
> <div0> it should not be possible to destroy anything else
> <KiBi> OK, many thanks.
> <div0> and of course manipulation of the server, like changing its host
>        name or MOTD for propaganda or stuff like that
> <KiBi> Sure. Just wanted to know about ``outside impact''.
> <div0> so if someone was affected by such an attack, I'd recommend "rm
>        -rf ~/.nexuiz" and restoring the config directory

This doesn't sound like a release-critical security hole then, since it's
not true arbitrary command execution.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/