Vulnerability CVE-2007-5742
Published: 2007-12-01   Modified: 2012-02-12

Description:
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.

Type:

CWE-22

 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9/10
8.5/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Complete
Affected software
Wesnoth -> Wesnoth 

 References:
http://www.wesnoth.org/forum/viewtopic.php?p=264289#264289
http://sourceforge.net/project/shownotes.php?release_id=557098
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00006.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00004.html
http://xforce.iss.net/xforce/xfdb/38752
http://www.wesnoth.org/forum/viewtopic.php?t=18844
http://www.vupen.com/english/advisories/2007/4026
http://www.securityfocus.com/bid/26626
http://www.debian.org/security/2007/dsa-1421
http://secunia.com/advisories/27943
http://secunia.com/advisories/27920
http://secunia.com/advisories/27786
http://osvdb.org/41713
Copyright 2024, cxsecurity.com

 

Back to Top