CVE-2008-5983

Published: 28/01/2009 | Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 614
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and previous versions, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Vulnerable Product

python python

fedoraproject fedora 13

canonical ubuntu linux 11.04

canonical ubuntu linux 11.10

canonical ubuntu linux 8.04

canonical ubuntu linux 10.04

Vendor Advisories

Debian Bug report logs - #513419 nautilus-python: CVE-2009-0317 untrusted search path vulnerability; Package: nautilus-python; Maintainer for nautilus-python is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Reported by: Nico Golde <nion@debian.org>; Date: Wed, 28 Jan 2009 22:15:01 UTC Severi ...
Debian Bug report logs - #513513 CVE-2009-0314: Untrusted search path vulnerability; Package: gedit; Maintainer for gedit is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gedit is src:gedit; Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>; Date: Thu ...
Debian Bug report logs - #513509 CVE-2009-0315: Untrusted search path vulnerability; Package: xchat; Maintainer for xchat is Gianfranco Costamagna <locutusofborg@debian.org>; Source for xchat is src:xchat; Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>; Date: Thu, 29 Jan 2009 18:18:02 U ...
Debian Bug report logs - #513418 gnumeric: CVE-2009-0318 untrusted search path vulnerability in GObject wrapper; Package: gnumeric-plugins-extra; Maintainer for gnumeric-plugins-extra is Dmitry Smirnov <onlyjob@debian.org>; Source for gnumeric-plugins-extra is src:gnumeric; Reported by: Nico Golde <nio ...
Several security issues were fixed in Python 2.4 ...
Several security issues were fixed in Python 3.1 ...
Several security issues were fixed in Python 2.5 ...
Several security issues were fixed in Python 2.6 ...