CVE-2009-0317 : Untrusted search path vulnerability in the Python language bindings for Nautilus

Untrusted search path vulnerability in the Python language bindings for Nautilus (nautilus-python) allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Published 2009-01-28 11:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2009-0317

Gnome » Nautilus-python
cpe:2.3:a:gnome:nautilus-python:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-0317

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-0317

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2009-0317

http://www.securityfocus.com/bid/33442
http://www.openwall.com/lists/oss-security/2009/01/26/2

oss-security - CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=481570

481570 – (CVE-2009-0317) CVE-2009-0317 nautilus-python: untrusted python modules search path

Jump to

Vulnerability Details : CVE-2009-0317

Products affected by CVE-2009-0317

Exploit prediction scoring system (EPSS) score for CVE-2009-0317

CVSS scores for CVE-2009-0317

References for CVE-2009-0317