Bug 405661 (CVE-2007-5742)

Summary: CVE-2007-5742, CVE-2007-6201 wesnoth: multiple vulnerabilities
Product: [Other] Security Response Reporter: Tomas Hoger <thoger>
Component: vulnerabilityAssignee: Brian Pepple <bdpepple>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: rbu, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5742
Whiteboard:
Fixed In Version: 1.2.8-2.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-03 11:40:21 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tomas Hoger 2007-11-30 09:30:12 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-5742 to the following vulnerability:

Versions prior to 1.2.8 and development branches prior to 1.3.12 are affected
by a security vulneratiliby which allows attackers to view the content of files
on the remote computer running Wesnoth.

References:
http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289
http://secunia.com/advisories/27786/

Comment 1 Tomas Hoger 2007-11-30 09:33:29 UTC
Brian, I've noticed new builds of 1.2.8 in Koji, which either failed or were
canceled.  Please consider mentioning CVE id in the RPM changelog.  Thanks!

Comment 2 Brian Pepple 2007-11-30 14:54:13 UTC
(In reply to comment #1)
> Brian, I've noticed new builds of 1.2.8 in Koji, which either failed or were
> canceled.  Please consider mentioning CVE id in the RPM changelog.  Thanks!

Yeah, the build is failing due to PulseAudio.  Once I figure out how to fix it,
I'll mention the CVE id in the changelog.


Comment 3 Ville Skyttä 2007-12-01 12:36:17 UTC
1.2.8 apparently fixes CVE-2007-6201 too.

Comment 4 Robert Buchholz 2007-12-02 13:06:02 UTC
See https://bugs.gentoo.org/200789 for more details on impact and exploitability.

Comment 5 Tomas Hoger 2007-12-03 11:15:47 UTC
(In reply to comment #3)
> 1.2.8 apparently fixes CVE-2007-6201 too.

Right, two CVE ids were assigned for wesnoth vulnerabilities:

CVE-2007-5742:

Directory traversal vulnerability in the WML engine preprocessor for
Wesnoth before 1.2.8 allows remote attackers to read arbitrary files
via ".." sequences in unknown vectors.

References:
http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289
http://sourceforge.net/project/shownotes.php?release_id=557098
http://secunia.com/advisories/27786
http://www.frsirt.com/english/advisories/2007/4026
http://xforce.iss.net/xforce/xfdb/38752
http://www.securityfocus.com/bid/26626


CVE-2007-6201:

Unspecified vulnerability in Wesnoth before 1.2.8 allows attackers to
cause a denial of service (hang) via a "faulty add-on" and possibly
execute other commands via unknown vectors related to the turn_cmd
option.

References:
http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289
http://sourceforge.net/project/shownotes.php?release_id=557098
http://secunia.com/advisories/27786
http://www.frsirt.com/english/advisories/2007/4026
http://xforce.iss.net/xforce/xfdb/38751


Comment 6 Tomas Hoger 2007-12-03 11:26:10 UTC
(In reply to comment #4)
> See https://bugs.gentoo.org/200789 for more details on impact and
> exploitability.

Thanks Robert!  Based on more information from Gentoo bug, this should probably
be low.



Comment 7 Fedora Update System 2007-12-03 11:39:59 UTC
wesnoth-1.2.8-2.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2007-12-03 11:40:20 UTC
wesnoth-1.2.8-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.