Summary
| Detail | |||
|---|---|---|---|
| Vendor | Wesnoth | First view | 2007-10-11 |
| Product | Wesnoth | Last view | 2009-03-12 |
| Version | Type | Application | |
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5 | 2009-03-12 | CVE-2009-0878 | The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. |
| 4.3 | 2009-03-12 | CVE-2009-0366 | The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. |
| 9.3 | 2009-03-04 | CVE-2009-0367 | The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module. |
| 7.5 | 2007-12-01 | CVE-2007-6201 | Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option. |
| 9 | 2007-12-01 | CVE-2007-5742 | Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. |
| 7.8 | 2007-10-11 | CVE-2007-3917 | The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-399 | Resource Management Errors |
| 20% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 20% (1) | CWE-134 | Uncontrolled Format String |
| 20% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:20407 | DSA-1386-1 wesnoth |
| oval:org.mitre.oval:def:18747 | DSA-1421-1 wesnoth - directory traversal |
| oval:org.mitre.oval:def:8370 | DSA-1737 wesnoth -- several vulnerabilities |
| oval:org.mitre.oval:def:13652 | DSA-1737-1 wesnoth -- several vulnerabilities |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 53877 | Wesnoth Python AI Module Hierarchical Module Name Handling Arbitrary Code Exe... |
| 52717 | Wesnoth src/terrain_translation.cpp read_game_map Function DoS |
| 52672 | Wesnoth simple_wml.cpp uncompress_buffer() Function WML File Handling DoS |
| 41713 | Wesnoth WML Engine Preprocessor Unspecified Traversal Arbitrary File Access |
| 41712 | Wesnoth turn_cmd Option Unspecified DoS |
| 41711 | Wesnoth Multieplayer Engine server/server.cpp Malformed UTF-8 String Remote DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2009-03-13 | Name : Debian Security Advisory DSA 1737-1 (wesnoth) File : nvt/deb_1737_1.nasl |
| 2009-02-27 | Name : Fedora Update for wesnoth FEDORA-2007-2496 File : nvt/gb_fedora_2007_2496_wesnoth_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for wesnoth FEDORA-2007-3986 File : nvt/gb_fedora_2007_3986_wesnoth_fc7.nasl |
| 2009-02-27 | Name : Fedora Update for wesnoth FEDORA-2007-3989 File : nvt/gb_fedora_2007_3989_wesnoth_fc8.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1386-1 (wesnoth) File : nvt/deb_1386_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1386-2 (wesnoth) File : nvt/deb_1386_2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1421-1 (wesnoth) File : nvt/deb_1421_1.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2009-03-12 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1737.nasl - Type: ACT_GATHER_INFO |
| 2007-12-07 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1421.nasl - Type: ACT_GATHER_INFO |
| 2007-12-04 | Name: The remote Fedora host is missing a security update. File: fedora_2007-3986.nasl - Type: ACT_GATHER_INFO |
| 2007-12-04 | Name: The remote Fedora host is missing a security update. File: fedora_2007-3989.nasl - Type: ACT_GATHER_INFO |
| 2007-11-06 | Name: The remote Fedora host is missing a security update. File: fedora_2007-2496.nasl - Type: ACT_GATHER_INFO |
| 2007-10-15 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1386.nasl - Type: ACT_GATHER_INFO |
