Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5986

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2008-5986
Last Modified 05 Feb 2009 01:52:52
Published 28 Jan 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5986

Summary

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Vulnerable Systems

Application

  • Csound 5.08.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=481550

XF - csound-pysyssetargv-privilege-escalation(48276)

BID - 33446

MLIST - [oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359


Last Updated: 27 May 2016 10:49:01