Sauerbraten Game Engine Map Import Vulnerability

Secunia ID	SA50144
Release Date	08 Aug 2012
Criticality	Moderately Critical
Solution Status	Vendor Workaround
Software	Sauerbraten Game Engine
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Sauerbraten Game Engine, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error within the "TEXTCOMMAND()" macro (src/engine/textedit.h) when parsing map files and can be exploited to manipulate arbitrary files via a malicious map. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into importing a malicious map or connecting to a malicious server. The vulnerability is reported in version 2010_07_28. Other versions may also be affected.
Solution	Fixed in the SVN repository.
Reported by	Martin Erik Werner in a Debian bug.
Original Advisory	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684144

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.