Untrusted Search Path Vulnerability in Eye of GNOME by The GNOME Project
CVE-2008-5987

Currently unrated

Key Information:

Vendor: Gnome
Status: Eog
Vendor: CVE Published:; 28 January 2009

What is CVE-2008-5987?

A vulnerability exists in the Python interface of Eye of GNOME that allows local users to execute arbitrary code through a Trojan horse Python file located in the current working directory. This flaw is related to the improper handling of arguments in the PySys_SetArgv function, which could be exploited to manipulate the execution environment, potentially leading to unauthorized code execution.

References

http://www.openwall.com/lists/oss-security/2009/01/26/2

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504352

x_refsource_CONFIRM

http://www.securityfocus.com/bid/33443

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2009
Vulnerability Reserved
Jan 27, 2009

Gnome

What is CVE-2008-5987?

References

Timeline