Vulnerability Name: CVE-2009-0367 (CCN-49058)
Assigned: 2009-02-22
Published: 2009-02-22
Updated: 2017-08-08
Summary: The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
  6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Access
References:
  Source: MITRE Type: CNA CVE-2009-0367
  Source: CONFIRM Type: UNKNOWN http://launchpad.net/bugs/335089
  Source: CONFIRM Type: UNKNOWN http://launchpad.net/bugs/336396
  Source: CONFIRM Type: UNKNOWN http://launchpad.net/bugs/cve/2009-0367
  Source: CONFIRM Type: UNKNOWN http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog
  Source: CONFIRM Type: UNKNOWN http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog
  Source: CCN Type: SA34058 Wesnoth PythonAI Arbitrary Code Execution Vulnerability
  Source: SECUNIA Type: Vendor Advisory 34058
  Source: SECUNIA Type: UNKNOWN 34236
  Source: DEBIAN Type: UNKNOWN DSA-1737
  Source: DEBIAN Type: DSA-1737 wesnoth -- several vulnerabilities
  Source: CCN Type: OSVDB ID: 53877 Wesnoth Python AI Module Hierarchical Module Name Handling Arbitrary Code Execution
  Source: CCN Type: BID-33971 Wesnoth PythonAI Remote Code Execution Vulnerability
  Source: VUPEN Type: Patch, Vendor Advisory ADV-2009-0595
  Source: CCN Type: Wesnoth Web site Wesnoth
  Source: CCN Type: Wesnoth Forum/BfW - Users/Release Announcements, Compiling, and Installation, Tue Feb 24, 2009 9:46 Wesnoth 1.5.11
  Source: CCN Type: Wesnoth Forum/BfW - Users/Release Announcements, Compiling, and Installation, Mon Mar 02, 2009 4:18 Security advisor for 1.4.x
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.wesnoth.org/forum/viewtopic.php?t=24247
  Source: CONFIRM Type: Patch, Vendor Advisory http://www.wesnoth.org/forum/viewtopic.php?t=24340
  Source: XF Type: UNKNOWN wesnoth-pythonai-code-execution(49058)
  Source: CONFIRM Type: UNKNOWN https://gna.org/bugs/index.php?13048
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable