Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 261282 (CVE-2009-0367)

Summary: <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary code execution (CVE-2009-0367)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major CC: games
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.wesnoth.org/forum/viewtopic.php?t=24340
Whiteboard: B1 [ebuild]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-03-05 09:33:22 UTC 
CVE-2009-0367 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0367):
  The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows
  remote attackers to escape the sandbox and execute arbitrary code by
  using a whitelisted module that imports an unsafe module, then using
  a hierarchical module name to access the unsafe module through the
  whitelisted module.
Comment 1 Mr. Bones. (RETIRED) gentoo-dev 2009-03-05 16:14:44 UTC 

*** This bug has been marked as a duplicate of bug 260058 ***