CVE-2008-5983
Published: Jan 28, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source tag |
|---|---|---|
| [debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory | mailing-list | x_refsource_MLIST |
| https://bugzilla.redhat.com/show_bug.cgi?id=482814 | | x_refsource_MISC |
| FEDORA-2010-9652 | vendor-advisory | x_refsource_FEDORA |
| 51087 | third-party-advisory | x_refsource_SECUNIA |
| USN-1616-1 | vendor-advisory | x_refsource_UBUNTU |
| 51040 | third-party-advisory | x_refsource_SECUNIA |
| GLSA-200903-41 | vendor-advisory | x_refsource_GENTOO |
| ADV-2010-1448 | vdb-entry | x_refsource_VUPEN |
| 50858 | third-party-advisory | x_refsource_SECUNIA |
| [debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd | mailing-list | x_refsource_MLIST |
| GLSA-200904-06 | vendor-advisory | x_refsource_GENTOO |
| ADV-2011-0122 | vdb-entry | x_refsource_VUPEN |
| 34522 | third-party-advisory | x_refsource_SECUNIA |
| 42888 | third-party-advisory | x_refsource_SECUNIA |
| USN-1596-1 | vendor-advisory | x_refsource_UBUNTU |
| 40194 | third-party-advisory | x_refsource_SECUNIA |
| RHSA-2011:0027 | vendor-advisory | x_refsource_REDHAT |
| USN-1613-2 | vendor-advisory | x_refsource_UBUNTU |
| 51024 | third-party-advisory | x_refsource_SECUNIA |
| USN-1613-1 | vendor-advisory | x_refsource_UBUNTU |