registry team mailing list archive

Thread
Date

[Bug 322196] Re: Untrusted search path vulnerability in Python and multiple other programs

To: registry@xxxxxxxxxxxxxxxxxxx
From: Artur Rona <ari-tczew@xxxxxxx>
Date: Sun, 30 May 2010 18:12:55 -0000
Reply-to: Bug 322196 <322196@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

  There's an interesting bug (or feature?) in Python 2.6 and earlier that
  affects multiple applications using Python. The bug allows local or
  user-assisted remote arbitrary code execution. Here is the description
  of the Python CVE:
  
  "Untrusted search path vulnerability in the PySys_SetArgv API function
  in Python before 2.6 prepends an empty string to sys.path when the
  argv[0] argument does not contain a path separator, which might allow
  local users to execute arbitrary code via a Trojan horse Python file
  in the current working directory."
  
  (Python 2.6 is vulnerable, too. See the comments.)
  
  Affected packages are, at least:
  
- CVE-2008-4863 - Blender (already fixed in Ubuntu, I think) 
+ CVE-2008-4863 - Blender (already fixed in Ubuntu, I think)
  CVE-2008-5983 - Python
  CVE-2008-5984 - Dia
  CVE-2008-5985 - Epiphany
  CVE-2008-5986 - Csound
  CVE-2008-5987 - eog
  CVE-2009-0314 - gedit
  CVE-2009-0315 - xchat
  CVE-2009-0316 - vim
  CVE-2009-0317 - Nautilus
  CVE-2009-0318 - Gnumeric
  
  I'm not sure which versions of these packages and which Ubuntu releases
  are actually affected, though.
  
  Source and more information:
  oss-security thread at http://www.openwall.com/lists/oss-security/2009/01/28/2
+ http://www.openwall.com/lists/oss-security/2009/01/26/2

-- 
Untrusted search path vulnerability in Python and multiple other programs
https://bugs.launchpad.net/bugs/322196
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for gedit.