Lucene search

K
gentooGentoo FoundationGLSA-200903-41
HistoryMar 30, 2009 - 12:00 a.m.

gedit: Untrusted search path

2009-03-3000:00:00
Gentoo Foundation
security.gentoo.org
18

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.5%

Background

gedit is a text editor for the GNOME desktop.

Description

James Vega reported that gedit uses the current working directory when searching for python modules, a vulnerability related to CVE-2008-5983.

Impact

A local attacker could entice a user to open gedit from a specially crafted environment, possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

Do not run gedit from untrusted working directories.

Resolution

All gedit 2.22.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.22.3-r1"

All gedit 2.24.x users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-editors/gedit-2.24.3"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-editors/gedit< 2.24.3UNKNOWN

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

21.5%

Related for GLSA-200903-41