Showing 1 - 4 of 4

CVE-2008-4863

Status Candidate

Overview

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

Related Files

Gentoo Linux Security Advisory 201001-7: Posted Jan 14, 2010; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.; tags | advisory, arbitrary, python; systems | linux, gentoo; advisories | CVE-2008-4863; SHA-256 | d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7; Download | Favorite | View

Mandriva Linux Security Advisory 2009-038: Posted Dec 9, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides fix for that vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.; tags | advisory, arbitrary, local, python; systems | linux, mandriva; advisories | CVE-2008-4863; SHA-256 | 9a26844c67c94caa224d0a62392f35e4642f54fb484c6efa85d144cc839b5606; Download | Favorite | View

Mandriva Linux Security Advisory 2009-038: Posted Feb 16, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides fix for that vulnerability.; tags | advisory, arbitrary, local, python; systems | linux, mandriva; advisories | CVE-2008-4863; SHA-256 | 1e99fa3a1f0f0ec04047779edd481b19ceb202904e32e8a38780b66885631ce7; Download | Favorite | View

Ubuntu Security Notice 699-1: Posted Dec 30, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.; tags | advisory, arbitrary, local, python; systems | linux, ubuntu; advisories | CVE-2008-1102, CVE-2008-4863; SHA-256 | 5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 221 files
Ubuntu 64 files
indoushka 59 files
Debian 21 files
LiquidWorm 19 files
Google Security Research 8 files
Gentoo 7 files
Seth Jenkins 4 files
Emiliano Febbi 4 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,117)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,147)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (391)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,676)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,132)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,946)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

CVE-2008-4863

Overview

Related Files

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems