CVE-2008-5983
Python < 2.6.6 - Untrusted Search Path via PySys_SetArgv API Function
Title source: llmDescription
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
References (23)
Core 23
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=482814
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51087
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/01/30/2
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1616-1
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51040
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200903-41.xml
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/01/26/2
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1448
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50858
Broken Link mailing-list
x_refsource_mlist
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200904-06.xml
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0122
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/01/28/5
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34522
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42888
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1596-1
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40194
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0027.html
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1613-2
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51024
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1613-1
Scores
EPSS
0.0012
EPSS Percentile
30.2%
Details
CWE
CWE-426
Status
published
Products (6)
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
10.04
canonical/ubuntu_linux
11.04
canonical/ubuntu_linux
11.10
fedoraproject/fedora
13
python/python
< 2.6.6
Published
Jan 28, 2009
Tracked Since
Feb 18, 2026