Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.9
CVE Id: CVE-2008-5983
Last Modified: 14 May 2013 10:49:35
Published: 27 Jan 2009 09:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5983

Summary

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Vulnerable Systems

Application

  • Python Software Foundation Python 1.5.2

  • Python Software Foundation Python 1.6

  • Python Software Foundation Python 1.6.1

  • Python Software Foundation Python 2.0

  • Python Software Foundation Python 2.0.1

  • Python Software Foundation Python 2.1

  • Python Software Foundation Python 2.1.1

  • Python Software Foundation Python 2.1.2

  • Python Software Foundation Python 2.1.3

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.2.1

  • Python Software Foundation Python 2.2.2

  • Python Software Foundation Python 2.2.3

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.3.5

  • Python Software Foundation Python 2.3.6

  • Python Software Foundation Python 2.3.7

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.4.1

  • Python Software Foundation Python 2.4.2

  • Python Software Foundation Python 2.4.3

  • Python Software Foundation Python 2.4.4

  • Python Software Foundation Python 2.4.5

  • Python Software Foundation Python 2.4.6

  • Python Software Foundation Python 2.5

  • Python Software Foundation Python 2.5.1

  • Python Software Foundation Python 2.5.2

  • Python Software Foundation Python 2.5.4

  • Python Software Foundation Python 2.6.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=482814

VUPEN - ADV-2011-0122

VUPEN - ADV-2010-1448

REDHAT - RHSA-2011:0027

MLIST - [oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

MLIST - [oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

MLIST - [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

MLIST - [debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd

MLIST - [debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory

GENTOO - GLSA-200904-06

GENTOO - GLSA-200903-41

SECUNIA - 42888

SECUNIA - 40194

SECUNIA - 34522

FEDORA - FEDORA-2010-9652

UBUNTU - USN-1596-1

UBUNTU - USN-1613-2

UBUNTU - USN-1613-1

UBUNTU - USN-1616-1

SECUNIA - 51087

SECUNIA - 51040

SECUNIA - 51024

SECUNIA - 50858


Last Updated: 27 May 2016 11:00:58