mirror of
https://github.com/ioquake/jedi-academy.git
synced 2025-02-08 21:31:45 +00:00
61687fff0c
CVE-2011-2764 The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dangerous file extensions, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file. CVE-2011-3012 The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764. bugzilla #3695 from Tim Angus in ioquake3 svn 1405 git 2c0861c1cea44861c5ceba2dc39e601d6bc3f0af * (bug 3695) Not allowing to write file with lib extention (.dll/.so/...) (TsT <tst2006@gmail.com>) from Tim Angus in ioquake3 svn 1499 git 48d8c8876b6ec035b0bb85f4d3c47c9210c3ca30 * s/FS_FilenameIsExecutable/FS_CheckFilenameIsNotExecutable/g * Fix potential buffer under run in FS_CheckFilenameIsNotExecutable from Thilo Schulz in ioquake3 svn 2098 git c4f739b8d03ca203435744c4a96e3561863ccdfe Fix extension name comparison for DLL files from Zack Middleton in ioquake3 git 6c88bf8aeee3c1e5449682f874f91e86cb393ef4 Rename FS_CheckFilenameIsNotExecutable to ..NotImmutable from Harley Laue in ioquake3 git 1b2a6abed996b43eb108486abbda449b3d16e019 Rename FS_CheckFilenameIsNotImmutable to ..IsMutable |
||
|---|---|---|
| .. | ||
| chash.h | ||
| cm_draw.cpp | ||
| cm_draw.h | ||
| cm_landscape.h | ||
| cm_load.cpp | ||
| cm_load_xbox.cpp | ||
| cm_local.h | ||
| cm_patch.cpp | ||
| cm_patch.h | ||
| cm_patch_xbox.cpp | ||
| cm_polylib.cpp | ||
| cm_polylib.h | ||
| cm_public.h | ||
| cm_randomterrain.cpp | ||
| cm_randomterrain.h | ||
| cm_shader.cpp | ||
| cm_terrain.cpp | ||
| cm_terrainmap.cpp | ||
| cm_terrainmap.h | ||
| cm_test.cpp | ||
| cm_trace.cpp | ||
| cmd_common.cpp | ||
| cmd_console.cpp | ||
| cmd_pc.cpp | ||
| CNetProfile.cpp | ||
| common.cpp | ||
| cvar.cpp | ||
| disablewarnings.h | ||
| exe_headers.cpp | ||
| exe_headers.h | ||
| files.cpp | ||
| files.h | ||
| files_common.cpp | ||
| files_console.cpp | ||
| files_pc.cpp | ||
| fixedmap.h | ||
| game_version.h | ||
| GenericParser2.cpp | ||
| GenericParser2.h | ||
| hstring.cpp | ||
| hstring.h | ||
| huffman.cpp | ||
| INetProfile.h | ||
| md4.cpp | ||
| MiniHeap.h | ||
| msg.cpp | ||
| net_chan.cpp | ||
| platform.h | ||
| q_math.cpp | ||
| q_shared.cpp | ||
| qcommon.h | ||
| qfiles.h | ||
| RoffSystem.cpp | ||
| RoffSystem.h | ||
| sparc.h | ||
| sstring.h | ||
| stringed_ingame.cpp | ||
| stringed_ingame.h | ||
| stringed_interface.cpp | ||
| stringed_interface.h | ||
| tags.h | ||
| timing.h | ||
| unzip.cpp | ||
| unzip.h | ||
| vm.cpp | ||
| vm_console.cpp | ||
| vm_interpreted.cpp | ||
| vm_local.h | ||
| vm_ppc.cpp | ||
| vm_x86.cpp | ||
| z_memman_console.cpp | ||
| z_memman_pc.cpp | ||