261282 – (CVE-2009-0367) <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary code execution (CVE-2009-0367)

Bug 261282 (CVE-2009-0367) - <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary code execution (CVE-2009-0367)

Summary: <games-strategy/wesnoth-{1.4.?,1.5.11} sandbox escape and remote arbitrary co...

Status:	RESOLVED DUPLICATE of bug 260058

Alias:	CVE-2009-0367

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Gentoo Security

URL:	http://www.wesnoth.org/forum/viewtopi...
Whiteboard:	B1 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2009-03-05 09:33 UTC by Stefan Behte (RETIRED)
Modified:	2009-03-05 16:14 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Behte (RETIRED) gentoo-dev

2009-03-05 09:33:22 UTC

CVE-2009-0367 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0367):
  The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows
  remote attackers to escape the sandbox and execute arbitrary code by
  using a whitelisted module that imports an unsafe module, then using
  a hierarchical module name to access the unsafe module through the
  whitelisted module.

Comment 1 Mr. Bones. (RETIRED) gentoo-dev

2009-03-05 16:14:44 UTC


*** This bug has been marked as a duplicate of bug 260058 ***