CVE-2008-5985
Summary
| CVE | CVE-2008-5985 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-01-28 11:30:00 UTC |
| Updated | 2009-03-19 05:48:00 UTC |
| Description | Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983). |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric) | MLIST | www.openwall.com | |
| #504363 - epiphany-browser: Python plugins load modules from current directory - Debian Bug report logs | CONFIRM | bugs.debian.org | |
| Security Advisory SA34187 - Gentoo update for epiphany - Secunia | SECUNIA | secunia.com | |
| Epiphany 'PySys_SetArgv' Remote Command Execution Vulnerability | BID | www.securityfocus.com | |
| Support / Security / Advisories / / MDVSA-2009:048 | Mandriva | MANDRIVA | www.mandriva.com | |
| Bug 481548 – CVE-2008-5985 epiphany: untrusted python modules search path | CONFIRM | bugzilla.redhat.com | |
| Gentoo Linux Documentation -- Epiphany: Untrusted search path | GENTOO | www.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.