logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2008-5983

Description

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.


Affected Software


CPE Name Name Version
python:python python 3.1.3
python:python python 2.6.6
fedoraproject:fedora fedoraproject fedora 13
canonical:ubuntu_linux canonical ubuntu linux 11.04
canonical:ubuntu_linux canonical ubuntu linux 11.10
canonical:ubuntu_linux canonical ubuntu linux 8.04
canonical:ubuntu_linux canonical ubuntu linux 10.04

Related