Your submission was sent successfully! Close

CVE-2008-5983

Published: 27 January 2009

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

Priority

Low

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy
Released (2.4.5-1ubuntu4.4)
intrepid Needed
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

python2.5
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Needed
(reached end-of-life)
hardy
Released (2.5.2-2ubuntu6.2)
intrepid Needed
(reached end-of-life)
jaunty Ignored
(reached end-of-life)
karmic Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream Needs triage

python2.6
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(reached end-of-life)
lucid
Released (2.6.5-1ubuntu6.1)
maverick Not vulnerable
(2.6.6-5ubuntu1)
natty Not vulnerable

oneiric Not vulnerable

precise Does not exist

quantal Does not exist

upstream
Released (2.6.5+20100529-1)
python2.7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

maverick Not vulnerable
(2.7-6)
natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

upstream
Released (2.7-1)
python3.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (3.1.2-0ubuntu3.2)
natty Not vulnerable
(3.1.3-1ubuntu1)
oneiric Does not exist

precise Does not exist

quantal Does not exist

upstream
Released (3.1.3-1)
python3.2
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

natty Not vulnerable
(3.2-1ubuntu1)
oneiric Not vulnerable

precise Not vulnerable

quantal Not vulnerable

upstream
Released (3.2)