UBUNTU-CVE-2011-3012

Source
https://ubuntu.com/security/CVE-2011-3012
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2011/UBUNTU-CVE-2011-3012.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2011-3012
Related
Published
2011-08-09T20:55:00Z
Modified
2025-01-13T10:21:01Z
Summary
[none]
Details

The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code via a crafted third-party addon that creates a Trojan horse DLL file, a different vulnerability than CVE-2011-2764.

References

Affected packages

Ubuntu:Pro:16.04:LTS / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20160122+dfsg1-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20150710+dfsg1-1
1.36+u20150926+dfsg1-1
1.36+u20151017+dfsg1-1
1.36+u20160122+dfsg1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20180108~dfsg-2?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20170803+dfsg1-1
1.36+u20171016~dfsg-1
1.36+u20171122~dfsg-1
1.36+u20171216~dfsg-1
1.36+u20180108~dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20191029.dc0c3e7~dfsg-1?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20190529.350b8f9~dfsg-2
1.36+u20191029.dc0c3e7~dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20220205.c0f2964~dfsg-1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20201117.d1b7ab6~dfsg-1
1.36+u20210927.2678080~dfsg-1
1.36+u20211208.84daa28~dfsg-1
1.36+u20220205.c0f2964~dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20240714.15f5fe7+dfsg-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20240217.7d711f8+dfsg-1build2
1.36+u20240714.15f5fe7+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / ioquake3

Package

Name
ioquake3
Purl
pkg:deb/ubuntu/ioquake3@1.36+u20240217.7d711f8+dfsg-1build2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.36+u20230706.10a45cb+dfsg-1
1.36+u20230819.b1e6ef1+dfsg-1
1.36+u20231123.972635e+dfsg-1
1.36+u20240217.7d711f8+dfsg-1
1.36+u20240217.7d711f8+dfsg-1build1
1.36+u20240217.7d711f8+dfsg-1build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}