It was reported that Wesnoth's Python AI sandbox does not sufficiently confine campaign AI scripts, possibly allowing arbitrary code execution if a user can be tricked to download campaigns from untrusted servers.

Upstream bug report:
https://gna.org/bugs/index.php?13048

Discussion on devel mailing list:
https://mail.gna.org/public/wesnoth-dev/2009-02/msg00036.html

Current upstream decision seems to be to disable Python AI completely due to their limited use. This seems to have already been done in 1.5.11:
http://svn.gna.org/viewcvs/wesnoth/tags/1.5.11/changelog?rev=33066&view=download

Similar change should soon appear in 1.4.8 too:
http://svn.gna.org/viewcvs/wesnoth?rev=33071&view=rev
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0367 to the following vulnerability:

Name: CVE-2009-0367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0367
Assigned: 20090129
Reference: CONFIRM: http://www.wesnoth.org/forum/viewtopic.php?t=24247
Reference: CONFIRM: http://www.wesnoth.org/forum/viewtopic.php?t=24340
Reference: CONFIRM: https://gna.org/bugs/index.php?13048
Reference: SECUNIA:34058
Reference: URL: http://secunia.com/advisories/34058
Reference: VUPEN:ADV-2009-0595
Reference: URL: http://www.vupen.com/english/advisories/2009/0595

The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.
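Added example (not from this bug report and not Wesnoth's code): an audit for the condition the CVE description names, reporting every dotted path by which an allowlisted module exposes a module outside the allowlist. The `exposed_modules` helper and all module names are constructed for illustration.

```python
import types


def exposed_modules(allowlist, modules, max_depth=3):
    """Return sorted (dotted_path, real_module_name) pairs where a module on
    the allowlist makes a non-allowlisted module reachable as an attribute."""
    findings = []
    for name in sorted(allowlist):
        root = modules.get(name)
        if root is None:
            continue
        stack = [(root, name, 1)]
        seen = {id(root)}
        while stack:
            mod, path, depth = stack.pop()
            for attr in sorted(vars(mod)):
                value = vars(mod)[attr]
                if not isinstance(value, types.ModuleType):
                    continue
                child = f"{path}.{attr}"
                if value.__name__ not in allowlist:
                    # Boundary crossed: an allowlist that filters only on the
                    # top-level import name never sees this module.
                    findings.append((child, value.__name__))
                elif depth < max_depth and id(value) not in seen:
                    seen.add(id(value))
                    stack.append((value, child, depth + 1))
    return sorted(findings)


def constructed_sample():
    """Constructed stand-ins for a sandbox's module table (hypothetical names)."""
    unsafe_io = types.ModuleType("unsafe_io")       # not on the allowlist
    pure_math = types.ModuleType("pure_math")       # allowlisted, no imports
    safe_helper = types.ModuleType("safe_helper")   # allowlisted...
    safe_helper.backend = unsafe_io                 # ...but imports unsafe_io
    wrapper = types.ModuleType("wrapper")           # allowlisted
    wrapper.helper = safe_helper                    # indirect path to unsafe_io
    return {m.__name__: m for m in (unsafe_io, pure_math, safe_helper, wrapper)}


ALLOWLIST = {"pure_math", "safe_helper", "wrapper"}

if __name__ == "__main__":
    for path, real in exposed_modules(ALLOWLIST, constructed_sample()):
        print(f"{path} -> {real}")
```

Running the same walk over a real interpreter's `sys.modules` with the sandbox's actual allowlist shows how many such paths a name-based filter would have to close.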
As there is now Wesnoth 1.6 in f10, that can be marked as fixed, I think.