CVE-2009-0367
Published 2009-03-05
Priority: P359·critical·9.3·CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 10.94% (95.3th percentile)
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wesnoth | wesnoth | — | — |
CVSS provenance
nvd·v2.0·9.3·CRITICAL·AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat·9.3·CRITICAL
GHSA
CVE-2009-0367 [HIGH] GHSA-hmxr-rwh4-hh58: The Python AI module in Wesnoth 1
ghsa_unreviewed·2022-05-02
Red Hat
CVE-2009-0367 [CRITICAL] wesnoth: Python AI sandbox permits arbitrary code execution
vendor_redhat·CVSS 9.3
No detection rules found.
Bugzilla
CVE-2009-0366 [MEDIUM] wesnoth: non-public security issue
bugzilla·2009-02-27·CVSS 4.3
Wesnoth developers mailing list mentions security fix currently being worked on upstream:
https://mail.gna.org/public/wesnoth-dev/2009-02/msg00036.html
Further details and upstream bug report are currently non-public:
https://gna.org/bugs/index.php?13037
Discussion:
There's currently not much info about this at the moment, though I filed this bug to make maintainers aware of the other upcoming security fix besides CVE-2009-0367, so they can be done in one update if desired.
---
Debian Security Advisory DSA-1737-1 has just been released referring to this CVE:
http://lists.debian.org/debian-security-announce/2009/msg00047.html
http://www.debian.org/security/2009/dsa-1737
describing the flaw as:
CVE-2009-0366
Daniel Franke discovered t
Bugzilla
CVE-2009-0367 [CRITICAL] wesnoth: Python AI sandbox permits arbitrary code execution
bugzilla·2009-02-27·CVSS 9.3
It was reported that Wesnoth's Python AI sandbox does not sufficiently confine campaign AI scripts, possibly allowing arbitrary code execution if a user can be tricked into downloading campaigns from untrusted servers.
Upstream bug report:
https://gna.org/bugs/index.php?13048
Discussion on devel mailing list:
https://mail.gna.org/public/wesnoth-dev/2009-02/msg00036.html
Current upstream decision seems to be to disable Python AI completely due to their limited use. This seems to have already been done in 1.5.11:
http://svn.gna.org/viewcvs/wesnoth/tags/1.5.11/changelog?rev=33066&view=download
Similar change should soon appear in 1.4.8 too:
http://svn.gna.org/viewcvs/wesnoth?rev=33071&view=rev
Discussion:
Common Vulnerab
http://launchpad.net/bugs/335089
http://launchpad.net/bugs/336396
http://launchpad.net/bugs/cve/2009-0367
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog
http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog
http://secunia.com/advisories/34058
http://secunia.com/advisories/34236
http://www.debian.org/security/2009/dsa-1737
http://www.vupen.com/english/advisories/2009/0595
http://www.wesnoth.org/forum/viewtopic.php?t=24247
http://www.wesnoth.org/forum/viewtopic.php?t=24340
https://exchange.xforce.ibmcloud.com/vulnerabilities/49058
https://gna.org/bugs/index.php?13048