CVE-2008-5983 — MEDIUM (6.9)

Q: How severe is CVE-2008-5983?

CVE-2008-5983 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-5983?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Canonical Ubuntu Linux.

Vulnerability Description

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

CVSS Score

6.9

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Python	Python	< 2.6.6
Fedoraproject	Fedora	13
Canonical	Ubuntu Linux	8.04

Related Weaknesses (CWE)

CWE-426

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/34522Not Applicable
http://secunia.com/advisories/40194Not Applicable
http://secunia.com/advisories/42888Not Applicable
http://secunia.com/advisories/50858Not Applicable
http://secunia.com/advisories/51024Not Applicable
http://secunia.com/advisories/51040Not Applicable
http://secunia.com/advisories/51087Not Applicable
http://security.gentoo.org/glsa/glsa-200903-41.xmlThird Party Advisory
http://security.gentoo.org/glsa/glsa-200904-06.xmlThird Party Advisory
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-Broken Link
http://www.openwall.com/lists/oss-security/2009/01/26/2Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2009/01/28/5Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2009/01/30/2Mailing ListThird Party Advisory

FAQ

What is CVE-2008-5983?

CVE-2008-5983 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not co...

How severe is CVE-2008-5983?

CVE-2008-5983 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-5983?

Check the references section above for vendor advisories and patch information. Affected products include: Python Python, Fedoraproject Fedora, Canonical Ubuntu Linux.