Vulnerability CVE-2011-4675


Published: 2011-12-05   Modified: 2012-02-13

Description:
The pathname canonicalization functionality in io/filesystem/filesystem.cc in Widelands before 15.1 expands leading ~ (tilde) characters to home-directory pathnames but does not restrict use of these characters in strings received from the network, which might allow remote attackers to conduct absolute path traversal attacks and overwrite arbitrary files via a ~ in a pathname that is used for a file transfer in an Internet game, a different vulnerability than CVE-2011-1932.

Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:P)

CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial
Affected software
Widelands -> Widelands 

 References:
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021
http://xforce.iss.net/xforce/xfdb/71626
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960

Copyright 2024, cxsecurity.com
