CVE-2008-5985
Published 2009-01-28
Priority P420 · medium · 6.9 (CVSS 2.0)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.37% (29.2th percentile)
Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | epiphany-browser | < epiphany-browser 2.22.3-7 (bookworm) | epiphany-browser 2.22.3-7 (bookworm) |
| gnome | epiphany | — | — |
CVSS provenance
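| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | | 6.9 | MEDIUM | |
| vendor_debian | | 6.9 | LOW | |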
GHSA
GHSA-5mj6-92x2-j3r9: Untrusted search path vulnerability in the Python interface in Epiphany 2
ghsa_unreviewed · 2022-05-17 · CVSS 6.9 · MEDIUM
OSV
CVE-2008-5985: Untrusted search path vulnerability in the Python interface in Epiphany 2
osv · 2009-01-28 · CVSS 6.9 · MEDIUM
Debian
CVE-2008-5985: epiphany-browser - Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, ...
vendor_debian · 2008 · CVSS 6.9 · MEDIUM
Scope: local
bookworm: resolved (fixed in 2.22.3-7)
bullseye: resolved (fixed in 2.22.3-7)
forky: resolved (fixed in 2.22.3-7)
sid: resolved (fixed in 2.22.3-7)
trixie: resolved (fixed in 2.22.3-7)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-5985 epiphany: untrusted python modules search path [fedora-all]
bugzilla · 2010-12-23 · CVSS 6.9 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=481548
Please note: this issue affects multiple
Bugzilla
CVE-2008-5985 epiphany: untrusted python modules search path
bugzilla · 2009-01-26 · CVSS 6.9 · MEDIUM
Untrusted search path vulnerability in Epiphany's Python interface allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363
Test case available in:
http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html
Proposed patch:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=sanitize_sys.path.diff;att=1;bug=504363
Patch notes:
The path for affected file in Fedora is BUILD/epiphany-N.V.R/src/ephy-python.c,
the proposed patch won't apply cleanly, but the change of:
++
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504363
http://secunia.com/advisories/34187
http://www.gentoo.org/security/en/glsa/glsa-200903-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:048
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33441
https://bugzilla.redhat.com/show_bug.cgi?id=481548
Published: 2009-01-28