Saturday, September 25, 2010

python-updater: Untrusted search path

Users of python-updater, please be advised that an untrusted search path vulnerability has been identified.

To view this vulnerability, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
GLSA 201009-08: [GLSA 201009-08] python-updater: Untrusted search path
Description
===========

Robert Buchholz of the Gentoo Security Team reported that
python-updater includes the current working directory and
subdirectories in the Python module search path (sys.path) before
calling "import".

Impact
======

A local attacker could entice the root user to run "python-updater"
from a directory containing a specially crafted Python module,
resulting in the execution of arbitrary code with root privileges.
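
The check below is an added example, not code from the advisory or from python-updater: it audits a module search path for the condition the advisory describes (entries that are, or resolve into, the current working directory) and returns a cleaned path. The function names and the sample paths are hypothetical, and POSIX-style paths are assumed.

```python
import os
import sys

# Constructed sample values (not taken from the advisory).
SAMPLE_CWD = "/srv/constructed-workdir"
SAMPLE_PATH = [
    "",                                  # empty entry: Python treats it as the cwd
    ".",                                 # relative: resolved against the cwd at import time
    "lib",                               # relative subdirectory of the cwd
    "/srv/constructed-workdir",          # the cwd given as an absolute path
    "/srv/constructed-workdir/modules",  # subdirectory of the cwd
    "/usr/lib/python2.6",                # system location, outside the cwd
    "/srv/constructed-workdir-other",    # shares a string prefix only, not inside the cwd
]


def _inside(path, root):
    """True if path is root itself or lies beneath it, after resolving symlinks."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root


def risky_entries(entries, cwd):
    """Return (entry, reason) for each search-path entry that points into cwd."""
    found = []
    for entry in entries:
        if entry == "" or not os.path.isabs(entry):
            found.append((entry, "relative entry, resolved against the working directory"))
        elif _inside(entry, cwd):
            found.append((entry, "working directory or one of its subdirectories"))
    return found


def safe_path(entries, cwd):
    """Return entries with every working-directory-derived location removed."""
    bad = {entry for entry, _ in risky_entries(entries, cwd)}
    return [entry for entry in entries if entry not in bad]


if __name__ == "__main__":
    # Audit the constructed sample, then the interpreter's real search path.
    for label, entries, cwd in (("sample", SAMPLE_PATH, SAMPLE_CWD),
                                ("live sys.path", sys.path, os.getcwd())):
        print(label)
        for entry, reason in risky_entries(entries, cwd):
            print("  %r: %s" % (entry, reason))
```
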