Your submission was sent successfully! Close

CVE-2009-0367

Published: 05 March 2009

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Priority

Medium

Status

Package Release Status
wesnoth
Launchpad, Ubuntu, Debian
Upstream
Released (1:1.4.7-4)
Patches:
Debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/wesnoth/+bug/336396