This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
The remote Fedora host is missing a security update.
A flaw was found in the way Red Eclipse handled config files. In
cube2-engine games, game maps can be transmitted either from the
server to a client, or from client to client. These maps include a
config file (mapname.cfg) in 'cubescript' format, which allows for an
attacker to send a malicious script via a new map. This map must
either be chosen by an administrator on the server, or created in
co-operative editing mode. A malicious script could then be used to
read or write to any files that the user running the client has access
to when the victim loads a map with the malicious configuration file.
The patch included in this update stops 'textedit' commands being able
to be run in map-run scripts, thus disabling the ability to read/write
to user files.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected redeclipse package.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now