CVE-2008-5983

Published: 28/01/2009 Updated: 07/11/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and previous versions, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python python
fedoraproject fedora 13
canonical ubuntu linux 11.04
canonical ubuntu linux 11.10
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04

Debian Bug report logs - #513419 nautilus-python: CVE-2009-0317 untrusted search path vulnerability Package: nautilus-python; Maintainer for nautilus-python is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Nico Golde <nion@debianorg> Date: Wed, 28 Jan 2009 22:15:01 UTC Severi ...

Debian Bug report logs - #513513 CVE-2009-0314: Untrusted search path vulnerability Package: gedit; Maintainer for gedit is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gedit is src:gedit (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Thu ...

Debian Bug report logs - #513509 CVE-2009-0315: Untrusted search path vulnerability Package: xchat; Maintainer for xchat is Gianfranco Costamagna <locutusofborg@debianorg>; Source for xchat is src:xchat (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinuxde> Date: Thu, 29 Jan 2009 18:18:02 U ...

Debian Bug report logs - #513418 gnumeric: CVE-2009-0318 untrusted search path vulnerability in GObject wrapper Package: gnumeric-plugins-extra; Maintainer for gnumeric-plugins-extra is Dmitry Smirnov <onlyjob@debianorg>; Source for gnumeric-plugins-extra is src:gnumeric (PTS, buildd, popcon) Reported by: Nico Golde <nio ...

Several security issues were fixed in Python 24 ...

Several security issues were fixed in Python 31 ...

Several security issues were fixed in Python 25 ...

Several security issues were fixed in Python 26 ...

CWE-426 http://www.openwall.com/lists/oss-security/2009/01/26/2 http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html http://www.openwall.com/lists/oss-security/2009/01/28/5 https://bugzilla.redhat.com/show_bug.cgi?id=482814 http://www.openwall.com/lists/oss-security/2009/01/30/2 http://security.gentoo.org/glsa/glsa-200903-41.xml http://secunia.com/advisories/34522 http://security.gentoo.org/glsa/glsa-200904-06.xml http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html http://www.vupen.com/english/advisories/2010/1448 http://secunia.com/advisories/40194 http://www.redhat.com/support/errata/RHSA-2011-0027.html http://secunia.com/advisories/42888 http://www.vupen.com/english/advisories/2011/0122 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1613-2 http://www.ubuntu.com/usn/USN-1613-1 http://secunia.com/advisories/51040 http://secunia.com/advisories/50858 http://www.ubuntu.com/usn/USN-1616-1 http://secunia.com/advisories/51087 http://secunia.com/advisories/51024 http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513419 https://usn.ubuntu.com/1613-2/

CVE-2008-5983

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect