Extended description of the issue:
Game maps can in cube2-engine games be transmitted either from server
to client or from client to client, which includes a config file
(mapname.cfg) which is in "cubescript" format, this makes it possible
for an attacker to send a malign script via a new map (whic
Package: redeclipse
Version: 1.2-2
Severity: grave
Tags: security patch upstream
Justification: user security hole
A security issue with execution of map cfg(script) files could allow these
scripts the same r/w access to files as the user running the game client.
This issue has been patched upst
2 matches
Mail list logo
