CVE-2009-0367

Published: Mar 5, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Affected (19)

Products: Wesnoth: Wesnoth

1 product

Configuration A

19 vulnerable

Vulnerable Software	Affected Versions
Wesnoth Wesnoth	Version 1.4.1
Wesnoth Wesnoth	Version 1.4.2
Wesnoth Wesnoth	Version 1.4.3
Wesnoth Wesnoth	Version 1.4.4
Wesnoth Wesnoth	Version 1.4.5
Wesnoth Wesnoth	Version 1.4.6
Wesnoth Wesnoth	Version 1.4.7
Wesnoth Wesnoth	Version 1.4
Wesnoth Wesnoth	Version 1.5.0
Wesnoth Wesnoth	Version 1.5.10
Wesnoth Wesnoth	Version 1.5.1
Wesnoth Wesnoth	Version 1.5.2
Wesnoth Wesnoth	Version 1.5.3
Wesnoth Wesnoth	Version 1.5.4
Wesnoth Wesnoth	Version 1.5.5
Wesnoth Wesnoth	Version 1.5.6
Wesnoth Wesnoth	Version 1.5.7
Wesnoth Wesnoth	Version 1.5.8
Wesnoth Wesnoth	Version 1.5.9

Related CWEs

References (26)

http://launchpad.net/bugs/335089

Source: cve@mitre.org

http://launchpad.net/bugs/336396

Source: cve@mitre.org

http://launchpad.net/bugs/cve/2009-0367

Source: cve@mitre.org

http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog

Source: cve@mitre.org

http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog

Source: cve@mitre.org

http://secunia.com/advisories/34058

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/34236

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1737

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/0595

Source: cve@mitre.org

PatchVendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?t=24247

Source: cve@mitre.org

PatchVendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?t=24340

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49058

Source: cve@mitre.org

https://gna.org/bugs/index.php?13048

Source: cve@mitre.org

http://launchpad.net/bugs/335089

Source: af854a3a-2127-422b-91ae-364da2661108

http://launchpad.net/bugs/336396

Source: af854a3a-2127-422b-91ae-364da2661108

http://launchpad.net/bugs/cve/2009-0367

Source: af854a3a-2127-422b-91ae-364da2661108

http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog

Source: af854a3a-2127-422b-91ae-364da2661108

http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34058

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/34236

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1737

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/0595

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?t=24247

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.wesnoth.org/forum/viewtopic.php?t=24340

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/49058

Source: af854a3a-2127-422b-91ae-364da2661108

https://gna.org/bugs/index.php?13048

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.