Showing 1 - 4 of 4

CVE-2008-4863

Status Candidate

Overview

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

Related Files

Gentoo Linux Security Advisory 201001-7: Posted Jan 14, 2010; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201001-7 - An untrusted search path vulnerability in Blender might result in the execution of arbitrary code. Steffen Joeris reported that Blender's BPY_interface calls PySys_SetArgv() in such a way that Python prepends sys.path with an empty string. Versions less than 2.48a-r3 are affected.; tags | advisory, arbitrary, python; systems | linux, gentoo; advisories | CVE-2008-4863; SHA-256 | d3757185463cd9fc168c7f705922658f8d6ef78452b0a83331a107ab332746d7; Download | Favorite | View

Mandriva Linux Security Advisory 2009-038: Posted Dec 9, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides fix for that vulnerability. Packages for 2008.0 are being provided due to extended support for Corporate products.; tags | advisory, arbitrary, local, python; systems | linux, mandriva; advisories | CVE-2008-4863; SHA-256 | 9a26844c67c94caa224d0a62392f35e4642f54fb484c6efa85d144cc839b5606; Download | Favorite | View

Mandriva Linux Security Advisory 2009-038: Posted Feb 16, 2009; Authored by Mandriva | Site mandriva.com; Mandriva Linux Security Advisory 2009-038 - Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current Blender working directory. This update provides fix for that vulnerability.; tags | advisory, arbitrary, local, python; systems | linux, mandriva; advisories | CVE-2008-4863; SHA-256 | 1e99fa3a1f0f0ec04047779edd481b19ceb202904e32e8a38780b66885631ce7; Download | Favorite | View

Ubuntu Security Notice 699-1: Posted Dec 30, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice USN-699-1 - It was discovered that Blender did not correctly handle certain malformed Radiance RGBE images. If a user were tricked into opening a .blend file containing a specially crafted Radiance RGBE image, an attacker could execute arbitrary code with the user's privileges. It was discovered that Blender did not properly sanitize the Python search path. A local attacker could execute arbitrary code by inserting a specially crafted Python file in the Blender working directory.; tags | advisory, arbitrary, local, python; systems | linux, ubuntu; advisories | CVE-2008-1102, CVE-2008-4863; SHA-256 | 5cadcbf1d0c25ea0b4eeaefe61aba2f5aa7ba23cdc4e042bdbe6731fc0bbb9e2; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2008-4863

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems