CVE-2015-5069 in Battle for Wesnoth
Summary
by MITRE
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
Analysis
by VulDB Data Team • 12/30/2022
The vulnerability identified as CVE-2015-5069 affects the Battle for Wesnoth game engine, specifically targeting two critical functions within the filesystem handling modules. This issue exists in versions prior to 1.12.3 and 1.13.x before 1.13.1, representing a significant security flaw that could be exploited by remote attackers to gain unauthorized access to sensitive information. The vulnerability stems from improper handling of WML (Wesnoth Markup Language) file inclusion mechanisms, particularly when processing .pbl files which are part of the game's resource management system.
The technical flaw manifests in the filesystem::get_wml_location function located in filesystem.cpp and the is_legal_file function within filesystem_boost.cpp. These functions fail to properly validate or sanitize the inclusion of .pbl files during WML processing, creating a path traversal or information disclosure vulnerability. Attackers can craft malicious WML scripts that reference .pbl files in ways that bypass normal security checks, potentially allowing them to access files outside of the intended game resource directories. This vulnerability falls under the category of information disclosure as defined by CWE-200, where sensitive data can be obtained through improper access control mechanisms.
The operational impact of this vulnerability extends beyond simple information disclosure, as it represents a potential attack vector that could be leveraged to escalate privileges or gain deeper system access. Remote attackers could exploit this weakness by uploading or modifying WML files that contain malicious references to .pbl resources, potentially accessing system files, configuration data, or other sensitive information that should remain protected. The vulnerability is particularly concerning in multiplayer gaming environments where users might be able to influence the WML processing pipeline through modded content or custom campaigns.
Security mitigations for this vulnerability primarily involve upgrading to the patched versions of Battle for Wesnoth, specifically version 1.12.3 or 1.13.1 and later. System administrators should implement strict file access controls and validate all WML content before processing, particularly when dealing with user-generated or third-party content. The ATT&CK framework categorizes this vulnerability under T1059.007 for Windows Command Shell and T1566 for Phishing, as attackers could use information disclosure to gather intelligence for further attacks. Additionally, implementing proper input validation and sanitization for all WML file processing, combined with regular security audits of game resource handling code, would significantly reduce the risk of exploitation. Organizations should also consider implementing network monitoring to detect unusual WML file access patterns that might indicate attempted exploitation of this vulnerability.
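As an added example (not code from Wesnoth or from this entry), one way to express the input validation described above is a legality check applied to every path named in WML before it is resolved. The function name is_legal_include_path and the sample paths are assumptions constructed for illustration; the check denies .pbl targets case-insensitively, along with absolute paths and parent-directory components.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical helper for illustration; this is not Wesnoth's is_legal_file.
// Returns true only if a path named in WML may be resolved to a file.
bool is_legal_include_path(const std::string& path) {
    if (path.empty()) return false;
    // NUL bytes and backslashes can make the checked string differ from
    // the path the operating system finally opens.
    if (path.find('\0') != std::string::npos) return false;
    if (path.find('\\') != std::string::npos) return false;
    // Absolute paths (POSIX root or Windows drive letter) leave the data tree.
    if (path[0] == '/' || (path.size() >= 2 && path[1] == ':')) return false;
    // Reject any parent-directory component.
    for (std::size_t start = 0; start <= path.size();) {
        std::size_t end = path.find('/', start);
        if (end == std::string::npos) end = path.size();
        if (path.compare(start, end - start, "..") == 0) return false;
        start = end + 1;
    }
    // Compare the extension case-insensitively, after dropping trailing dots
    // and spaces, which Windows ignores when opening a file.
    std::string lower(path);
    std::transform(lower.begin(), lower.end(), lower.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    while (!lower.empty() && (lower.back() == '.' || lower.back() == ' '))
        lower.pop_back();
    const std::string ext = ".pbl";
    if (lower.size() >= ext.size() &&
        lower.compare(lower.size() - ext.size(), ext.size(), ext) == 0)
        return false;
    return true;
}

int main() {
    // Constructed sample paths, not taken from any real add-on.
    const char* samples[] = {"data/campaigns/demo/_main.cfg",
                             "data/add-ons/demo/_server.pbl",
                             "data/add-ons/demo/_server.PBL",
                             "../outside.cfg"};
    for (const char* s : samples)
        std::cout << s << " -> " << (is_legal_include_path(s) ? "allow" : "deny") << '\n';
    return 0;
}
```

A suffix check that compares only the exact lowercase extension would let the third sample through, which is why the comparison is done on a normalized copy of the path.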