Vulnerability Description
freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freeciv | Freeciv | 2.2.0 |
Related Weaknesses (CWE)
References
- http://gna.org/bugs/?15624Patch
- http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-E
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:205
- http://www.openwall.com/lists/oss-security/2010/06/09/4
- http://www.openwall.com/lists/oss-security/2010/06/24/5
- http://www.osvdb.org/65192
- http://gna.org/bugs/?15624Patch
- http://packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-E
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:205
- http://www.openwall.com/lists/oss-security/2010/06/09/4
- http://www.openwall.com/lists/oss-security/2010/06/24/5
- http://www.osvdb.org/65192
FAQ
What is CVE-2010-2445?
CVE-2010-2445 is a vulnerability with a CVSS score of 10.0 (HIGH). freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) ...
How severe is CVE-2010-2445?
CVE-2010-2445 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-2445?
Check the references section above for vendor advisories and patch information. Affected products include: Freeciv Freeciv.