CVE-2011-1932

Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021	Patch Release Notes Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:widelands:widelands:-:build1::::::
	cpe:2.3:a:widelands:widelands:-:build10::::::
	cpe:2.3:a:widelands:widelands:-:build10_release_candidate::::::
	cpe:2.3:a:widelands:widelands:-:build11::::::
	cpe:2.3:a:widelands:widelands:-:build11_release_candidate::::::
	cpe:2.3:a:widelands:widelands:-:build12::::::
	cpe:2.3:a:widelands:widelands:-:build12_release_candidate::::::
	cpe:2.3:a:widelands:widelands:-:build13::::::
	cpe:2.3:a:widelands:widelands:-:build13_release_candidate::::::
	cpe:2.3:a:widelands:widelands:-:build13_release_candidate2::::::
	cpe:2.3:a:widelands:widelands:-:build14::::::
	cpe:2.3:a:widelands:widelands:-:build14_release_candidate::::::
	cpe:2.3:a:widelands:widelands:-:build2::::::
	cpe:2.3:a:widelands:widelands:-:build3::::::
	cpe:2.3:a:widelands:widelands:-:build4::::::
	cpe:2.3:a:widelands:widelands:-:build5::::::
	cpe:2.3:a:widelands:widelands:-:build6::::::
	cpe:2.3:a:widelands:widelands:-:build7::::::
	cpe:2.3:a:widelands:widelands:-:build8::::::
	cpe:2.3:a:widelands:widelands:-:build9::::::

History

No history.

Information

Published : 2011-12-05 11:55

Updated : 2024-02-28 11:41

NVD link : CVE-2011-1932

Mitre link : CVE-2011-1932

CVE.ORG link : CVE-2011-1932

JSON object : View

Products Affected

widelands

widelands

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2011-1932", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-12-05T11:55:05.867", "references": [{"url": "http://bazaar.launchpad.net/~widelands-dev/widelands/build-15/revision/5021", "tags": ["Patch", "Release Notes", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617960", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in io/filesystem/filesystem.cc in Widelands before 15.1 might allow remote attackers to overwrite arbitrary files via . (dot) characters in a pathname that is used for a file transfer in an Internet game."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en io/filesystem/filesystem.cc en Widelands antes de v15.1 podr\u00eda permitir a atacantes remotos sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de caracteres . (punto) en un nombre de ruta que se utiliza para la transferencia de un archivo en un juego en Internet."}], "lastModified": "2021-06-25T14:19:49.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:widelands:widelands:-:build1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C310EED8-E0FE-4E51-AF0A-6A53924DC4BD"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "054E4DC2-A9F7-4680-A33C-B816AEE0A148"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build10_release_candidate:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B2DF3D7-AD20-4578-A730-C2515038A97D"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFF3C32F-3C38-4112-B575-6A6F91173CFF"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build11_release_candidate:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B45B376-434B-456B-B491-CF7B0BB0F597"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB91F6CB-0B0D-435E-8CC9-7405053966E9"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build12_release_candidate:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "208433B7-008C-4771-8508-7640782F018F"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF11D5F6-5103-4561-A1BE-2761AEDF96F8"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13_release_candidate:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17E65533-7F5C-4CA3-9157-063E93F1E6AB"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build13_release_candidate2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6803C19-950C-4A27-9B07-DFA3512BBB23"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F70B6239-4BD3-4E90-80E6-BBBFD1518A56"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build14_release_candidate:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76F3B6EA-CDB0-47ED-A6BF-BE5F99467DA7"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B88CCD70-B9DB-47DF-AF80-84ABC905E272"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "460D9138-AA35-4A25-A5EB-1613BE29F5C5"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD22A431-E827-4621-94CA-4A9F2A48F025"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "820E897A-D5C7-49E2-884F-2A722FA36B48"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40FE6D11-D0A5-4E9B-A990-BB73FCD095E0"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9D5D4C-ADF9-483E-8318-66866B2863E3"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1AE263-930F-4F2D-B6F5-AF96DA7239D9"}, {"criteria": "cpe:2.3:a:widelands:widelands:-:build9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9603E399-1F1D-4C35-82C9-4382F1A70926"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}