CVE 2008-5983
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
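A defender-side check for the condition described above, as an added example that is not part of the original page or of Python itself. `path_after_setargv` models the prepending rule from the CVE text (using the script's directory in the other case is an assumption), and `shadowed_modules` reports module files that a cwd-dependent path entry would load first; all function names and the directory layout are hypothetical.

```python
import os
import tempfile

def path_after_setargv(argv0, base_path):
    # Model of the behaviour in the CVE text: no path separator in argv[0]
    # means '' (the current working directory) is prepended to sys.path.
    # Assumption: otherwise the script's own directory is prepended.
    head = os.path.dirname(argv0) if os.sep in argv0 else ""
    return [head] + list(base_path)

def shadowed_modules(search_path, cwd):
    """Return (module, shadowing_file, shadowed_file) for every .py file that a
    cwd-dependent entry would load ahead of a same-named file later on the path."""
    cwd = os.path.realpath(cwd)
    findings = []
    for i, entry in enumerate(search_path):
        # '' and relative entries resolve against cwd; absolute ones only
        # matter if they are the working directory itself.
        if os.path.isabs(entry) and os.path.realpath(entry) != cwd:
            continue
        risky_dir = os.path.realpath(os.path.join(cwd, entry))
        if not os.path.isdir(risky_dir):
            continue
        for name in sorted(os.listdir(risky_dir)):
            if not name.endswith(".py"):
                continue
            for later in search_path[i + 1:]:
                candidate = os.path.join(cwd, later, name)
                if os.path.isfile(candidate):
                    findings.append((name[:-3], os.path.join(risky_dir, name), candidate))
                    break
    return findings

def demo():
    # Constructed layout: a "lib" directory standing in for the real module
    # path and a "work" directory standing in for an untrusted cwd.
    root = os.path.realpath(tempfile.mkdtemp())
    lib, work = os.path.join(root, "lib"), os.path.join(root, "work")
    for d in (lib, work):
        os.mkdir(d)
        open(os.path.join(d, "json.py"), "w").close()
    path = path_after_setargv("embedded-app", [lib])
    return path, shadowed_modules(path, work)

if __name__ == "__main__":
    print(demo())
```

An empty result for the application's real `sys.path` and working directory means no module on the path is currently shadowed from the working directory.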
Related bugs and status
CVE-2008-5983 (Candidate) is related to these bugs:
Bug #322196: Untrusted search path vulnerability in Python and multiple other programs
Bug #788525: updating to python2.6.7 in lucid and updating
Bug | Summary | In | Importance | Status
---|---|---|---|---
788525 | updating to python2.6.7 in lucid and updating | python2.6 (Ubuntu) | Undecided | Invalid
See the CVE page on Mitre.org for more details.