Vulnerability CVE-2008-5983

Vulnerability Name:

CVE-2008-5983 (CCN-48340)

Assigned:

2008-08-06

Published:

2008-08-06

Updated:

2022-07-05

Summary:

Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.

CVSS v3 Severity:

9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
4.8 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.9 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
4.8 Medium (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

3.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-426

Vulnerability Consequences:

Gain Privileges

References:

Source: CCN
Type: Debian Bug report logs - #493937
bicyclerepair: bike.vim imports untrusted python files from cwd

Source: MITRE
Type: CNA
CVE-2008-5983

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2010-9652

Source: CCN
Type: RHSA-2011-0027
Low: python security, bug fix, and enhancement update

Source: SECUNIA
Type: Not Applicable
34522

Source: SECUNIA
Type: Not Applicable
40194

Source: SECUNIA
Type: Not Applicable
42888

Source: SECUNIA
Type: Not Applicable
50858

Source: SECUNIA
Type: Not Applicable
51024

Source: SECUNIA
Type: Not Applicable
51040

Source: SECUNIA
Type: Not Applicable
51087

Source: GENTOO
Type: Third Party Advisory
GLSA-200903-41

Source: GENTOO
Type: Third Party Advisory
GLSA-200904-06

Source: CCN
Type: GLSA-200903-41
gedit: Untrusted search path

Source: CCN
Type: GLSA-200904-06
Eye of GNOME: Untrusted search path

Source: MLIST
Type: Patch, Third Party Advisory
[debian-bugs] 20081112 Bug#493937: [Patch] Prevent loading of Python modules in working directory

Source: MLIST
Type: Broken Link
[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20090128 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

Source: MLIST
Type: Mailing List, Third Party Advisory
[oss-security] 20090130 Re: CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

Source: CCN
Type: OSVDB ID: 53000
Gnumeric GObject Python Interpreter Wrapper Search Path Subversion Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 53373
Python PySys_SetArgv API Function Search Path Subversion Local Privilege Escalation

Source: CCN
Type: Python Web site
Python Programming Language

Source: REDHAT
Type: Third Party Advisory
RHSA-2011:0027

Source: CCN
Type: BID-40862
Python 'PySys_SetArgv' Remote Command Execution Vulnerability

Source: UBUNTU
Type: Third Party Advisory
USN-1596-1

Source: UBUNTU
Type: Third Party Advisory
USN-1613-1

Source: UBUNTU
Type: Third Party Advisory
USN-1613-2

Source: UBUNTU
Type: Third Party Advisory
USN-1616-1

Source: VUPEN
Type: Permissions Required
ADV-2010-1448

Source: VUPEN
Type: Permissions Required
ADV-2011-0122

Source: MISC
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=482814

Source: XF
Type: UNKNOWN
python-pysyssetargv-privilege-escalation(48340)

Vulnerable Configuration:

Configuration 1:

cpe:/a:python:python:*:*:*:*:*:*:*:* (Version >= 3.1.0 and < 3.1.3)

OR cpe:/a:python:python:*:*:*:*:*:*:*:* (Version < 2.6.6)

Configuration 2:

cpe:/o:fedoraproject:fedora:13:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:python:python:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:1.6:*:*:*:*:*:*:*

OR cpe:/a:python:python:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.0.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.0:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.4:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.5:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.6:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.3:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.4:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.2:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.3.7:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.5:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.4.6:*:*:*:*:*:*:*

OR cpe:/a:python:python:2.5.4:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:18043	P	USN-1596-1 -- python2.6 vulnerabilities	2014-07-07
oval:org.mitre.oval:def:18020	P	USN-1613-2 -- python2.4 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:17830	P	USN-1613-1 -- python2.5 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:17941	P	USN-1616-1 -- python3.1 vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22821	P	ELSA-2011:0027: python security, bug fix, and enhancement update (Low)	2014-05-26
oval:org.mitre.oval:def:21921	P	RHSA-2011:0027: python security, bug fix, and enhancement update (Low)	2014-02-24
oval:com.redhat.rhsa:def:20110027	P	RHSA-2011:0027: python security, bug fix, and enhancement update (Low)	2011-01-13
oval:com.ubuntu.precise:def:20085983000	V	CVE-2008-5983 on Ubuntu 12.04 LTS (precise) - low.	2009-01-27

BACK