Launchpad.net

CVE 2009-0316

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Related bugs and status

CVE-2009-0316 (Candidate) is related to these bugs:

Bug #322196: Untrusted search path vulnerability in Python and multiple other programs

		In	Importance	Status
322196	Untrusted search path vulnerability in Python and multiple other programs	python2.5 (Ubuntu)	Low	Invalid
322196	Untrusted search path vulnerability in Python and multiple other programs	python2.4 (Ubuntu)	Low	Invalid
322196	Untrusted search path vulnerability in Python and multiple other programs	dia (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	epiphany (Ubuntu)	Undecided	Invalid
322196	Untrusted search path vulnerability in Python and multiple other programs	csound (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	eog (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	gedit (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	xchat (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	vim (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	nautilus-python (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	gnumeric (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	epiphany-browser (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	python2.3 (Ubuntu)	Undecided	Won't Fix
322196	Untrusted search path vulnerability in Python and multiple other programs	gedit	Medium	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	python2.6 (Ubuntu)	Low	Fix Released
322196	Untrusted search path vulnerability in Python and multiple other programs	Python	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-0316

Related bugs and status

Related bugs

References