[CVE-2008-4863] - Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code
Bug #319501 reported by Stefan Lesicnik
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
blender (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: blender
CVE 2008-4863
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
This bug was fixed in the package blender - 2.44-2ubuntu2.1
---------------
blender (2.44-2ubuntu2.1) gutsy-security; urgency=low
  * SECURITY UPDATE: Stack-based buffer overflow in the imb_loadhdr
    function in Blender 2.45 allows user-assisted remote attackers
    to execute arbitrary code via a .blend file that contains a crafted
    Radiance RGBE image (LP: #222592)
    - 20_CVE-2008-1102.diff: Upstream patch to address stack overflow.
    - CVE-2008-1102
  * SECURITY UPDATE: Untrusted search path vulnerability in BPY_interface in
    Blender 2.46 allows local users to execute arbitrary code via a Trojan
    horse Python file in the current working directory, related to an
    erroneous setting of sys.path by the PySys_SetArgv function. (LP: #319501)
    - 01_sanitize_sys.path: Debian patch to no longer load modules from
      current dir. Slightly modified from Debian patch as per recommendation
      from debian patch author.
    - CVE-2008-4863
-- Stefan Lesicnik <email address hidden> Wed, 21 Jan 2009 10:34:10 +0200
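
The search-path condition described in this bug can be checked and removed from inside an embedded interpreter. The following is an added example, not the Debian or Ubuntu patch and not Blender code. The function names (`resolves_to_cwd`, `sanitize_search_path`, `shadowing_candidates`) and the module names in the demo are hypothetical.

```python
import os
import sys


def resolves_to_cwd(entry, cwd):
    """True if a sys.path entry makes Python import from the working directory."""
    # '' is what PySys_SetArgv prepends when argv[0] carries no script path;
    # the import system treats it as "current working directory".
    if entry == "":
        return True
    # Relative entries such as '.' are resolved against cwd; absolute ones are kept as-is.
    return os.path.realpath(os.path.join(cwd, entry)) == os.path.realpath(cwd)


def sanitize_search_path(path, cwd):
    """Return a copy of path without any entry that points at cwd."""
    return [p for p in path if not resolves_to_cwd(p, cwd)]


def shadowing_candidates(cwd, module_names):
    """List files in cwd that would be found first for module_names
    while cwd is at the front of sys.path."""
    hits = []
    for name in sorted(module_names):
        for candidate in (name + ".py", name + ".pyc",
                          os.path.join(name, "__init__.py")):
            if os.path.exists(os.path.join(cwd, candidate)):
                hits.append(candidate)
    return hits


if __name__ == "__main__":
    cwd = os.getcwd()
    risky = [p for p in sys.path if resolves_to_cwd(p, cwd)]
    print("sys.path entries resolving to cwd:", risky)
    # Constructed sample set of module names an embedded script might import.
    print("shadowing files in cwd:",
          shadowing_candidates(cwd, {"random", "json"}))
    # Drop the cwd entries in place so later imports ignore the working directory.
    sys.path[:] = sanitize_search_path(sys.path, cwd)
```
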