CVE-2009-0367

EUVD-2009-0371
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
wesnothwesnoth
1.4
wesnothwesnoth
1.4.1
wesnothwesnoth
1.4.2
wesnothwesnoth
1.4.3
wesnothwesnoth
1.4.4
wesnothwesnoth
1.4.5
wesnothwesnoth
1.4.6
wesnothwesnoth
1.4.7
wesnothwesnoth
1.5.0
wesnothwesnoth
1.5.1
wesnothwesnoth
1.5.2
wesnothwesnoth
1.5.3
wesnothwesnoth
1.5.4
wesnothwesnoth
1.5.5
wesnothwesnoth
1.5.6
wesnothwesnoth
1.5.7
wesnothwesnoth
1.5.8
wesnothwesnoth
1.5.9
wesnothwesnoth
1.5.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wesnoth
dapper
not-affected
gutsy
Fixed 1.2.6-1ubuntu2.5
released
hardy
Fixed 1:1.4-1ubuntu0.1
released
intrepid
Fixed 1:1.4.5-1ubuntu0.2
released
Common Weakness Enumeration
References
http://launchpad.net/bugs/335089
http://launchpad.net/bugs/336396
http://launchpad.net/bugs/cve/2009-0367
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog
http://secunia.com/advisories/34058
http://secunia.com/advisories/34236
http://www.debian.org/security/2009/dsa-1737
http://www.vupen.com/english/advisories/2009/0595
http://www.wesnoth.org/forum/viewtopic.php?t=24247
http://www.wesnoth.org/forum/viewtopic.php?t=24340
https://exchange.xforce.ibmcloud.com/vulnerabilities/49058
https://gna.org/bugs/index.php?13048
http://launchpad.net/bugs/335089
http://launchpad.net/bugs/336396
http://launchpad.net/bugs/cve/2009-0367
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog
http://secunia.com/advisories/34058
http://secunia.com/advisories/34236
http://www.debian.org/security/2009/dsa-1737
http://www.vupen.com/english/advisories/2009/0595
http://www.wesnoth.org/forum/viewtopic.php?t=24247
http://www.wesnoth.org/forum/viewtopic.php?t=24340
https://exchange.xforce.ibmcloud.com/vulnerabilities/49058
https://gna.org/bugs/index.php?13048