Bug 1236010 (CVE-2015-5069, CVE-2015-5070) - CVE-2015-5069 CVE-2015-5070 wesnoth: authentication information disclosure
Summary: CVE-2015-5069 CVE-2015-5070 wesnoth: authentication information disclosure
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2015-5069, CVE-2015-5070
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1236011 1236012 1236013
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-26 10:55 UTC by Stefan Cornelius
Modified: 2021-02-17 05:10 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-08 02:42:02 UTC


Attachments (Terms of Use)

Description Stefan Cornelius 2015-06-26 10:55:26 UTC
Quoting from http://www.openwall.com/lists/oss-security/2015/06/25/2
"Wesnoth implements a text preprocessing language that is used in conjunction 
with its own game scripting language. It also has a built-in Lua interpreter 
and API. Both the Lua API and the preprocessor make use of the same function 
(filesystem::get_wml_location()) to resolve file paths so that only content 
from the user's data directory can be read.

However, the function did not explicitly disallow files with the .pbl 
extension. The contents of these files could thus be stored in saved game 
files or even transmitted directly to other users in a networked game. Among 
the information that's compromised is a user-defined passphrase used to 
authenticate uploads to the game's content server.

This issue was found by Toom Lõhmus, then verified and fixed by Ignacio R. 
Morelle."

There have been two patches, [3] and [4]. Patch [3] did only take lowercase extensions
into account and was incomplete. Patch [3] is CVE-2015-5069.
Patch [4] is an additional patch, fixing the lowercase problem. Patch [4] is CVE-2015-5070.

[1] http://www.openwall.com/lists/oss-security/2015/06/25/2
[2] https://gna.org/bugs/?23504 (currently restricted)

Patches:

Incomplete fix as it only handles lowercase extensions. CVE-2015-5069
[3] https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d

Complete fix, CVE-2015-5070
[4] https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59

Comment 1 Stefan Cornelius 2015-06-26 10:58:09 UTC
Created wesnoth tracking bugs for this issue:

Affects: fedora-all [bug 1236011]
Affects: epel-5 [bug 1236012]
Affects: epel-6 [bug 1236013]

Comment 2 Martin Prpič 2015-09-08 09:30:08 UTC
External References:

none

Comment 3 Product Security DevOps Team 2019-06-08 02:42:02 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.


Note You need to log in before you can comment on or make changes to this bug.