CVE-2008-5983
Date: (C)2009-01-27   (M)2024-02-22


Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.9
Exploit Score: 3.4
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECUNIA-34522
SECUNIA-40194
SECUNIA-42888
SECUNIA-50858
SECUNIA-51024
SECUNIA-51040
SECUNIA-51087
ADV-2010-1448
ADV-2011-0122
FEDORA-2010-9652
GLSA-200903-41
GLSA-200904-06
RHSA-2011:0027
USN-1596-1
USN-1613-1
USN-1613-2
USN-1616-1
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
https://bugzilla.redhat.com/show_bug.cgi?id=482814

CPE    4
cpe:/o:canonical:ubuntu_linux:11.04
cpe:/o:fedoraproject:fedora:13
cpe:/o:canonical:ubuntu_linux:11.10
cpe:/a:python:python
...
CWE    1
CWE-426
OVAL    9
oval:org.secpod.oval:def:101413
oval:org.secpod.oval:def:100789
oval:org.secpod.oval:def:500037
oval:org.secpod.oval:def:100348
...

© SecPod Technologies