First published: Mon Jan 26 2009
Untrusted search path vulnerability in Epiphany's Python interface allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

References: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363

Test case available in: http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html

Proposed patch: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=sanitize_sys.path.diff;att=1;bug=504363

Patch notes: The path of the affected file in Fedora is BUILD/epiphany-N.V.R/src/ephy-python.c. The proposed patch won't apply cleanly, but the change of: ++ /* Sanitize sys.path to prevent relative imports loading modules in ++ * the current working directory ++ */ ++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)") in ephy-python.c should be enough to fix this issue.
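Review bot: in the PyRun_SimpleString line, filter(None, sys.path) removes only empty entries, so a relative entry such as "." would still make imports resolve against the current working directory; keeping only absolute paths would match the comment's stated intent more closely. The expression also depends on filter returning a list, which holds on Python 2 only, so a list comprehension such as [p for p in sys.path if p] is the safer spelling. The return value of PyRun_SimpleString is not checked, so a failed sanitization would go unnoticed; log or abort when it returns -1.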
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME Epiphany | =2.22.3 |
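The effect of the empty sys.path entry described above, and of the proposed filter, as an added example (not code from the advisory or from Epiphany). It goes beyond the patch by also checking a "." entry; `ephy_demo_mod`, `sanitize` and `resolves_from_cwd` are hypothetical names, the absolute-path rule in `sanitize` is an assumption, and the module file is constructed, harmless and only located, never executed.

```python
import importlib.machinery
import os
import sys
import tempfile

NAME = "ephy_demo_mod"  # hypothetical module name, constructed for this demo


def sanitize(entries):
    """Stricter than filter(None, ...): keep absolute entries only (assumption)."""
    return [p for p in entries if p and os.path.isabs(p)]


def resolves_from_cwd(entries):
    """True if NAME would be loaded from the current working directory."""
    sys.path_importer_cache.pop(".", None)  # forget a finder bound to an old cwd
    spec = importlib.machinery.PathFinder.find_spec(NAME, entries)
    if spec is None or not spec.origin:
        return False
    found_in = os.path.realpath(os.path.dirname(spec.origin))
    return found_in == os.path.realpath(os.getcwd())


def demo():
    """Map each risky entry to (unfiltered, filter(None), sanitize) results."""
    results = {}
    old_cwd = os.getcwd()
    with tempfile.TemporaryDirectory() as workdir:
        # Constructed, harmless file; find_spec only locates it, never runs it.
        with open(os.path.join(workdir, NAME + ".py"), "w") as fh:
            fh.write("VALUE = 1\n")
        os.chdir(workdir)
        try:
            for entry in ("", "."):
                results[entry] = (
                    resolves_from_cwd([entry]),
                    resolves_from_cwd(list(filter(None, [entry]))),
                    resolves_from_cwd(sanitize([entry])),
                )
        finally:
            os.chdir(old_cwd)
    return results


if __name__ == "__main__":
    for entry, outcome in demo().items():
        print(repr(entry), outcome)
```

Each tuple reads as: resolved from the working directory with the entry present, after `filter(None, ...)`, and after `sanitize`.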