CVE-2011-4675

Sažetak

The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
https://exchange.xforce.ibmcloud.com/vulnerabilities/71626

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

25-06-2021 - 14:19

Objavljeno

05-12-2011 - 11:55