46 matches found
CVE-2009-4081
Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894...
CVE-2009-3894
CVE-2009-3894 affects dstat prior to 0.7.0, involving an untrusted Python module search path that could allow a local attacker to execute code with the caller’s privileges via a Trojan horse module in the current directory or a subdirectory. Public advisories (RHSA-2009-1619/ELSA-2009-1619 and re...
CVE-2009-3894
Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in 1 the current working directory or 2 a certain subdirectory of the current working directory...
CVE-2009-4081
Untrusted search path vulnerability in dstat before r3199 allows local users to gain privileges via a Trojan horse Python module in the current working directory, a different vulnerability than CVE-2009-3894...
[resent] [ GLSA 200911-04 ] dstat: Untrusted search path
Due to an oversight on my part, the original email has not been signed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200911-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - -...
dstat: Untrusted search path
Background dstat is a versatile system resource monitor written in Python. Description Robert Buchholz of the Gentoo Security Team reported that dstat includes the current working directory and subdirectories in the Python module search path sys.path before calling "import". Impact A local attack...