
Arbitrary Code Execution

Description

Python is vulnerable to arbitrary code execution. Many applications embedding the Python interpreter did not specify a valid full path to the script or application when calling the PySys_SetArgv API function, which could result in the current working directory being added to the module search path (sys.path). A local attacker able to trick a victim into running such an application in an attacker-controlled directory could use this flaw to execute code with the victim's privileges.

This update adds the PySys_SetArgvEx API. Developers can modify their applications to use this new API, which sets sys.argv without modifying sys.path.
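A check an embedding application could run after interpreter start-up, given as an added example and not code from this advisory or from the Python project: it flags sys.path entries that resolve against the current working directory and shows how module resolution changes once they are removed. The function names, the module name constructed_helper and the sample path list are assumptions made for illustration, and the code is written for Python 3.

```python
import importlib.machinery
import os
import sysconfig
import tempfile


def cwd_entries(path_list):
    """Return (index, entry) pairs that the import system resolves against the cwd.

    An empty string or any other relative entry is looked up in whatever
    directory the process happens to be running in.
    """
    return [(i, p) for i, p in enumerate(path_list)
            if isinstance(p, str) and not os.path.isabs(p)]


def strip_cwd_entries(path_list):
    """Return a copy of path_list without the cwd-relative entries."""
    flagged = {i for i, _ in cwd_entries(path_list)}
    return [p for i, p in enumerate(path_list) if i not in flagged]


def resolve(name, path_list):
    """Return the file a module name would be loaded from, or None."""
    spec = importlib.machinery.PathFinder.find_spec(name, path_list)
    return spec.origin if spec else None


def demo():
    stdlib = sysconfig.get_path("stdlib")
    # Constructed sample: the search path as described in the advisory,
    # with the working directory ('') placed ahead of the standard library.
    legacy_path = ["", stdlib]
    original_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed stand-in for a module file found in the working directory.
        with open(os.path.join(workdir, "constructed_helper.py"), "w") as fh:
            fh.write("VALUE = 1\n")
        os.chdir(workdir)
        try:
            before = resolve("constructed_helper", legacy_path)
            after = resolve("constructed_helper", strip_cwd_entries(legacy_path))
        finally:
            os.chdir(original_cwd)
    return cwd_entries(legacy_path), before, after


if __name__ == "__main__":
    print(demo())
```

The first result lists the flagged entries; the second and third show that the module in the working directory is found only while the cwd-relative entry is present.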


Affected Software


Name      Version
python    2.4.3__24.el5
python    2.4.3__24.el5_3.6
python    2.4.3__21.el5
python    2.4.3__19.el5
python    2.4.3__27.el5
python    2.4.3__27.el5_5.2
python    2.4.3__27.el5_5.3
