CVE-2008-5983

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
pythonpython
𝑥
< 2.6.6
pythonpython
3.1.0 ≤
𝑥
< 3.1.3
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
11.04
canonicalubuntu_linux
11.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python2.4
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
Fixed 2.4.5-1ubuntu4.4
released
gutsy
ignored
dapper
ignored
python2.5
quantal
dne
precise
dne
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
Fixed 2.5.2-2ubuntu6.2
released
gutsy
ignored
dapper
dne
python2.6
quantal
dne
precise
dne
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
Fixed 2.6.5-1ubuntu6.1
released
karmic
ignored
hardy
dne
dapper
dne
python2.7
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
dne
hardy
dne
python3.1
quantal
dne
precise
dne
oneiric
dne
natty
not-affected
lucid
Fixed 3.1.2-0ubuntu3.2
released
hardy
dne
python3.2
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
dne
hardy
dne
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
http://secunia.com/advisories/34522
http://secunia.com/advisories/40194
http://secunia.com/advisories/42888
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://secunia.com/advisories/51087
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://security.gentoo.org/glsa/glsa-200904-06.xml
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://www.ubuntu.com/usn/USN-1616-1
http://www.vupen.com/english/advisories/2010/1448
http://www.vupen.com/english/advisories/2011/0122
https://bugzilla.redhat.com/show_bug.cgi?id=482814
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
http://secunia.com/advisories/34522
http://secunia.com/advisories/40194
http://secunia.com/advisories/42888
http://secunia.com/advisories/50858
http://secunia.com/advisories/51024
http://secunia.com/advisories/51040
http://secunia.com/advisories/51087
http://security.gentoo.org/glsa/glsa-200903-41.xml
http://security.gentoo.org/glsa/glsa-200904-06.xml
http://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.openwall.com/lists/oss-security/2009/01/28/5
http://www.openwall.com/lists/oss-security/2009/01/30/2
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://www.ubuntu.com/usn/USN-1596-1
http://www.ubuntu.com/usn/USN-1613-1
http://www.ubuntu.com/usn/USN-1613-2
http://www.ubuntu.com/usn/USN-1616-1
http://www.vupen.com/english/advisories/2010/1448
http://www.vupen.com/english/advisories/2011/0122
https://bugzilla.redhat.com/show_bug.cgi?id=482814