CVE-2008-5983 : Detail

CVE-2008-5983

A08-Soft and Data Integrity Fail
0.06%V3
Local
2009-01-28
01h00 +00:00
2009-02-05
09h00 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Metrics

Metrics Score Severity CVSS Vector Source
V2 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Products Mentioned

Configuraton 0

Python>>Python >> Version To (excluding) 2.6.6

Python>>Python >> Version From (including) 3.1.0 To (excluding) 3.1.3

Configuraton 0

Fedoraproject>>Fedora >> Version 13

Configuraton 0

Canonical>>Ubuntu_linux >> Version 8.04

Canonical>>Ubuntu_linux >> Version 10.04

Canonical>>Ubuntu_linux >> Version 11.04

Canonical>>Ubuntu_linux >> Version 11.10

References

http://secunia.com/advisories/51087
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.openwall.com/lists/oss-security/2009/01/30/2
Tags : mailing-list, x_refsource_MLIST
http://www.ubuntu.com/usn/USN-1616-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/51040
Tags : third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200903-41.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2009/01/26/2
Tags : mailing-list, x_refsource_MLIST
http://www.vupen.com/english/advisories/2010/1448
Tags : vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/50858
Tags : third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200904-06.xml
Tags : vendor-advisory, x_refsource_GENTOO
http://www.vupen.com/english/advisories/2011/0122
Tags : vdb-entry, x_refsource_VUPEN
http://www.openwall.com/lists/oss-security/2009/01/28/5
Tags : mailing-list, x_refsource_MLIST
http://secunia.com/advisories/34522
Tags : third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/42888
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1596-1
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/40194
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2011-0027.html
Tags : vendor-advisory, x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-1613-2
Tags : vendor-advisory, x_refsource_UBUNTU
http://secunia.com/advisories/51024
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.ubuntu.com/usn/USN-1613-1
Tags : vendor-advisory, x_refsource_UBUNTU