PT-2011-3108 · Openarena Team+2 · Openarena+2

Published 2011-08-04 · Updated 2018-10-09 · CVE-2011-1412

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ioQuake3 engine versions prior to 1.5.1.1
World of Padman versions 1.5.x prior to 1.5.1.1
OpenArena versions 0.8.x-15 and 0.8.x-16

Description

The issue allows remote game servers to execute arbitrary commands via shell metacharacters in a long fs_game variable. This is due to a problem in the sys/sys_unix.c file of the ioQuake3 engine on Unix and Linux systems.

Recommendations

For ioQuake3 engine versions prior to 1.5.1.1, update to version 1.5.1.1 or later to resolve the issue.
For World of Padman versions 1.5.x prior to 1.5.1.1, update to version 1.5.1.1 or later to resolve the issue.
For OpenArena versions 0.8.x-15 and 0.8.x-16, consider disabling the use of the fs_game variable until a patch is available.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2011-1412

Affected Products

Openarena
World Of Padman
Quake 3 Engine