Launchpad.net

CVE 2009-0367

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.

Related bugs and status

CVE-2009-0367 (Candidate) is related to these bugs:

Bug #335089: Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	335089	Please sync wesnoth 1:1.4.7-4 (universe) from Debian unstable (main)		wesnoth (Ubuntu)	Medium	Fix Released

Bug #336396: Wesnoth security fixes

		In	Importance	Status
336396	Wesnoth security fixes	wesnoth (Ubuntu)	Undecided	Invalid
336396	Wesnoth security fixes	wesnoth (Ubuntu Gutsy)	Undecided	Fix Released
336396	Wesnoth security fixes	wesnoth (Ubuntu Hardy)	Undecided	Fix Released
336396	Wesnoth security fixes	wesnoth (Ubuntu Jaunty)	Undecided	Invalid
336396	Wesnoth security fixes	wesnoth (Ubuntu Intrepid)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0367

Related bugs and status

Related bugs

References