CVE-2008-5983

NONECVSS 0.0

0.0

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

🔗 References (46)

cve@mitrehttp://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
cve@mitrehttp://secunia.com/advisories/34522
cve@mitrehttp://secunia.com/advisories/40194
cve@mitrehttp://secunia.com/advisories/42888
cve@mitrehttp://secunia.com/advisories/50858
cve@mitrehttp://secunia.com/advisories/51024
cve@mitrehttp://secunia.com/advisories/51040
cve@mitrehttp://secunia.com/advisories/51087
cve@mitrehttp://security.gentoo.org/glsa/glsa-200903-41.xml
cve@mitrehttp://security.gentoo.org/glsa/glsa-200904-06.xml
cve@mitrehttp://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg586010.html
cve@mitrehttp://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
cve@mitrehttp://www.openwall.com/lists/oss-security/2009/01/26/2
cve@mitrehttp://www.openwall.com/lists/oss-security/2009/01/28/5
cve@mitrehttp://www.openwall.com/lists/oss-security/2009/01/30/2

Is Your Infrastructure Affected by CVE-2008-5983?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-5983

📅 Published

🔄 Last Modified

🔗 References (46)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-5983?