Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.9
CVE Id: CVE-2008-5984
Last Modified: 04 Mar 2009 01:47:35
Published: 28 Jan 2009 06:30:00
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5984

Summary

Untrusted search path vulnerability in the Python plugin in Dia 0.96.1, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Vulnerable Systems

Application

  • Dia 0.96.1


References

FEDORA - FEDORA-2009-1057

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=481551

XF - dia-pysyssetargv-privilege-escalation(48262)

BID - 33448

MLIST - [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

MANDRIVA - MDVSA-2009:046

MANDRIVA - MDVSA-2009:040

SECUNIA - 33703

SECUNIA - 33672

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504251


Last Updated: 27 May 2016 10:49:01