Gentoo Foundation: GLSA-200904-06
Apr 06, 2009 - 12:00 a.m.

Eye of GNOME: Untrusted search path

2009-04-06 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 6.9 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.001 Low
Percentile: 23.7%

Background

The Eye of GNOME is the official image viewer for the GNOME Desktop environment.

Description

James Vega reported an untrusted search path vulnerability in the GObject Python interpreter wrapper in the Eye of GNOME, a vulnerability related to CVE-2008-5983.

Impact

A local attacker could entice a user to run the Eye of GNOME from a directory containing a specially crafted python module, resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

Do not run "eog" from untrusted working directories.
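
The condition behind this advisory, a Python module search path that resolves against the working directory, can be checked for on any search path. The following is an added example, not code from the advisory or from Eye of GNOME; the function name audit_search_path and its reason strings are illustrative, and it assumes a POSIX system.

```python
import os
import stat
import sys


def audit_search_path(entries, uid=None):
    """Return (entry, reason) pairs for entries that could let the working
    directory or another local user supply an importable module."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for entry in entries:
        # "" and "." both mean "whatever directory the program was started in".
        if entry in ("", "."):
            findings.append((entry, "current working directory"))
            continue
        if not os.path.isabs(entry):
            findings.append((entry, "relative path, resolved against the working directory"))
            continue
        try:
            st = os.stat(entry)  # follows symlinks, so the target is what gets checked
        except OSError:
            continue  # a missing entry cannot supply a module
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((entry, "writable by group or others"))
        elif st.st_uid not in (0, uid):
            findings.append((entry, "owned by another unprivileged user"))
    return findings


if __name__ == "__main__":
    # Audit the search path of the interpreter this script runs under.
    for entry, reason in audit_search_path(sys.path):
        print(f"unsafe sys.path entry {entry!r}: {reason}")
```

Run inside an application's embedded interpreter, the same function can be called on that interpreter's sys.path to confirm that no entry depends on where the program was launched.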

Resolution

All Eye of GNOME users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-gfx/eog-2.22.3-r3"

OS      OS Version  Architecture  Package        Package Version  Filename
Gentoo  any         all           media-gfx/eog  < 2.22.3-r3      UNKNOWN
