Untrusted search path vulnerability in Python and multiple other programs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Python |
Fix Released
|
Unknown
|
|||
gedit |
Fix Released
|
Medium
|
|||
csound (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
dia (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
eog (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
epiphany (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
epiphany-browser (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
gedit (Ubuntu) |
Fix Released
|
Low
|
Ubuntu Desktop Bugs | ||
gnumeric (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
nautilus-python (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
python2.3 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned | ||
python2.4 (Ubuntu) |
Invalid
|
Low
|
Unassigned | ||
python2.5 (Ubuntu) |
Invalid
|
Low
|
Unassigned | ||
python2.6 (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
vim (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
xchat (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
There's an interesting bug (or feature?) in Python 2.6 and earlier that affects multiple applications using Python. The bug allows local or user-assisted remote arbitrary code execution. Here is the description of the Python CVE:
"Untrusted search path vulnerability in the PySys_SetArgv API function
in Python before 2.6 prepends an empty string to sys.path when the
argv[0] argument does not contain a path separator, which might allow
local users to execute arbitrary code via a Trojan horse Python file
in the current working directory."
(Python 2.6 is vulnerable, too. See the comments.)
Affected packages are, at least:
CVE-2008-4863 - Blender (already fixed in Ubuntu, I think)
CVE-2008-5983 - Python
CVE-2008-5984 - Dia
CVE-2008-5985 - Epiphany
CVE-2008-5986 - Csound
CVE-2008-5987 - eog
CVE-2009-0314 - gedit
CVE-2009-0315 - xchat
CVE-2009-0316 - vim
CVE-2009-0317 - Nautilus
CVE-2009-0318 - Gnumeric
I'm not sure which versions of these packages and which Ubuntu releases are actually affected, though.
Source and more information:
oss-security thread at http://
http://
Related branches
- Marc Deslauriers: Approve
-
Diff: 75 lines (+43/-1)4 files modifieddebian/changelog (+11/-0)
debian/control (+1/-1)
debian/patches/00list (+1/-0)
debian/patches/64_CVE-2009-0315.dpatch (+30/-0)
Changed in csound: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in dia: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in eog: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in gedit: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in gnumeric: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in nautilus: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in python2.4: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in python2.5: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in xchat: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in vim: | |
status: | New → Confirmed |
importance: | Undecided → Low |
Changed in epiphany: | |
status: | New → Invalid |
Changed in epiphany-browser: | |
status: | New → Confirmed |
Changed in python2.3: | |
status: | New → Confirmed |
Changed in gedit: | |
assignee: | nobody → desktop-bugs |
status: | Confirmed → Triaged |
Changed in gedit: | |
status: | Unknown → New |
Changed in python2.6 (Ubuntu): | |
importance: | Undecided → Low |
status: | New → Confirmed |
Changed in python2.3 (Ubuntu): | |
status: | Confirmed → Won't Fix |
Changed in epiphany-browser (Ubuntu): | |
importance: | Undecided → Low |
description: | updated |
Changed in python: | |
status: | Unknown → Fix Released |
Changed in gedit: | |
status: | New → Fix Released |
Changed in gedit: | |
importance: | Unknown → Medium |
Adding CVE references: CVE-2008-5983, CVE-2008-5984, CVE-2008-5985, CVE-2008-5986, CVE-2008-5987,
CVE-2009-0314, CVE-2009-0315, CVE-2009-0316, CVE-2009-0317, CVE-2009-0318