An untrusted search path vulnerability exists in the PySys_SetArgv API function in Python 2.6 and previous versions, and possibly later versions: the function prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
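A defensive check for the condition described above, as an added example that is not part of the original advisory or of Python's own code: it audits a sys.path-style list for entries that the import system resolves against the current working directory. The function names, the simplified `first_entry_for` model and the sample paths are assumptions constructed for illustration.

```python
import os

def first_entry_for(argv0):
    """Simplified model (assumption) of the entry the advisory describes.

    No path separator in argv[0] -> "" is prepended to sys.path;
    otherwise the directory part is used (symlink handling is ignored).
    """
    seps = {os.sep, os.altsep} - {None}
    if not any(sep in argv0 for sep in seps):
        return ""
    return os.path.dirname(argv0)

def cwd_dependent_entries(path_list, cwd=None):
    """Return (index, entry) pairs for entries that resolve to the cwd.

    Flags the empty string, any relative entry (both are looked up
    relative to the cwd at import time) and an absolute entry that is
    the cwd itself.
    """
    cwd = os.path.realpath(cwd or os.getcwd())
    hits = []
    for index, entry in enumerate(path_list):
        if not isinstance(entry, str):
            continue  # non-string entries are not directory paths
        if entry == "" or not os.path.isabs(entry):
            hits.append((index, entry))
        elif os.path.realpath(entry) == cwd:
            hits.append((index, entry))
    return hits

def strip_cwd_entries(path_list, cwd=None):
    """Return a copy of path_list without the cwd-dependent entries."""
    bad = {index for index, _ in cwd_dependent_entries(path_list, cwd)}
    return [e for i, e in enumerate(path_list) if i not in bad]

# Constructed sample: an embedding application started as "app"
# (no path separator in argv[0]) from a working directory it does not control.
SAMPLE_CWD = os.path.join(os.sep, "tmp", "work")
SAMPLE_STDLIB = [
    os.path.join(os.sep, "usr", "lib", "python2.6"),
    os.path.join(os.sep, "usr", "lib", "python2.6", "site-packages"),
]
SAMPLE_PATH = [first_entry_for("app")] + SAMPLE_STDLIB

if __name__ == "__main__":
    for index, entry in cwd_dependent_entries(SAMPLE_PATH, SAMPLE_CWD):
        print("sys.path[%d] = %r resolves to the working directory" % (index, entry))
    print("hardened:", strip_cwd_entries(SAMPLE_PATH, SAMPLE_CWD))
```

In an application that embeds Python, the equivalent cleanup is to drop the leading entry right after calling PySys_SetArgv, or to call PySys_SetArgvEx with its `updatepath` argument set to 0 so the entry is never added.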
Vulnerable Product |
---|
python python |
fedoraproject fedora 13 |
canonical ubuntu linux 11.04 |
canonical ubuntu linux 11.10 |
canonical ubuntu linux 8.04 |
canonical ubuntu linux 10.04 |