Computer Security


blender / gedit / gnumeric / vim / eog python scripts code execution
updated since 17.02.2009
Published: 07.04.2009
Source:
SecurityVulns ID: 9683
Type: local
Threat Level: 4/10
Description: The sys.path variable can be manipulated to load arbitrary modules.
Affected: GNUMERIC : gnumeric 1.8
 BLENDER : Blender 2.46
 GEDIT : gedit 2.24
 EPIPHANY : epiphany 2.24
 EOG : Eye of GNOME 2.22
CVE: CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.)
 CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).)
 CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.)
 CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.)
Original documents:
 GENTOO, [ GLSA 200904-06 ] Eye of GNOME: Untrusted search path (07.04.2009)
 MANDRIVA, [ MDVSA-2009:063 ] eog (04.03.2009)
 MANDRIVA, [ MDVSA-2009:048 ] epiphany (25.02.2009)
 MANDRIVA, [ MDVSA-2009:048-1 ] epiphany (24.02.2009)
 MANDRIVA, [ MDVSA-2009:047 ] vim (21.02.2009)
 MANDRIVA, [ MDVSA-2009:043 ] gnumeric (20.02.2009)
 MANDRIVA, [ MDVSA-2009:038 ] blender (17.02.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod