Vulnerability Details : CVE-2008-5983
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.
Vulnerability category: File inclusion, Execute code
Products affected by CVE-2008-5983
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Threat overview for CVE-2008-5983
- Top open port discovered on systems with this issue: 8123
- IPs affected by CVE-2008-5983: 114,360
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2008-5983
- 0.06%: Probability of exploitation activity in the next 30 days
- ~26%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5983
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
CWE ids for CVE-2008-5983
- The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5983
- http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
  Error 404 Not Found. Tags: Broken Link
- http://www.ubuntu.com/usn/USN-1613-2
  USN-1613-2: Python 2.4 vulnerabilities | Ubuntu security notices. Tags: Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=482814
  Tags: Issue Tracking; Third Party Advisory
- http://www.ubuntu.com/usn/USN-1596-1
  USN-1596-1: Python 2.6 vulnerabilities | Ubuntu security notices. Tags: Third Party Advisory
- http://www.redhat.com/support/errata/RHSA-2011-0027.html
  Support. Tags: Third Party Advisory
- http://security.gentoo.org/glsa/glsa-200903-41.xml
  gedit: Untrusted search path (GLSA 200903-41) — Gentoo security. Tags: Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/01/26/2
  oss-security - CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric). Tags: Mailing List; Third Party Advisory
- http://www.vupen.com/english/advisories/2011/0122
  Webmail | OVH- OVH. Tags: Permissions Required
- http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042751.html
  [SECURITY] Fedora 13 Update: python-2.6.4-27.fc13. Tags: Mailing List; Third Party Advisory
- http://www.vupen.com/english/advisories/2010/1448
  Webmail | OVH- OVH. Tags: Permissions Required
- http://security.gentoo.org/glsa/glsa-200904-06.xml
  Eye of GNOME: Untrusted search path (GLSA 200904-06) — Gentoo security. Tags: Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/01/30/2
  Tags: Mailing List; Third Party Advisory
- http://www.ubuntu.com/usn/USN-1616-1
  USN-1616-1: Python 3.1 vulnerabilities | Ubuntu security notices. Tags: Third Party Advisory
- http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg586010.html
  Tags: Patch; Third Party Advisory
- http://www.ubuntu.com/usn/USN-1613-1
  USN-1613-1: Python 2.5 vulnerabilities | Ubuntu security notices. Tags: Third Party Advisory
- http://www.openwall.com/lists/oss-security/2009/01/28/5
  Tags: Mailing List; Third Party Advisory