CVE-2010-2445 Information

Description

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality related to the (1) os (2) io (3) package (4) dofile (5) loadfile (6) loadlib (7) module and (8) require modules or functions.

Reference

http://gna.org/bugs/?15624 http://www.mandriva.com/security/advisories?name=MDVSA-2010:205 http://www.openwall.com/lists/oss-security/2010/06/09/4 http://www.openwall.com/lists/oss-security/2010/06/24/5 http://www.osvdb.org/65192