CVE-2009-0367
Published: 5 March 2009
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
Priority
Status
Package | Release | Status |
---|---|---|
wesnoth Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
gutsy |
Released
(1.2.6-1ubuntu2.5)
|
|
hardy |
Released
(1:1.4-1ubuntu0.1)
|
|
intrepid |
Released
(1:1.4.5-1ubuntu0.2)
|
|
upstream |
Released
(1:1.4.7-4)
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/wesnoth/+bug/336396 |