Lucene search
RootSSV:4793HistoryFeb 19, 2009 - 12:00 a.m.
Dia Python插件使用不安全搜索路径漏洞
2009-02-1900:00:00
Root
www.seebug.org
13
EPSS
0
Percentile
5.1%
BUGTRAQ ID: 33448
CVE(CAN) ID: CVE-2008-5984
Dia是开放源码的流程图软件。
Dia的Python插件使用了不可信任的搜索路径,在调用PySys_SetArgv时Python向sys.path附加了空字符串。如果dia工作目录中的python文件名称与python脚本试图导入的文件名相同的话,就会导致在用户系统中执行任意代码。
GNOME Dia 0.96.1
厂商补丁:
GNOME
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.mandriva.com/en/download/” target=“_blank”>http://www.mandriva.com/en/download/</a>
Related
openvas
openvas
Fedora Core 10 FEDORA-2009-0943 (dia)
2009-02-02 00:00:00
Mandrake Security Advisory MDVSA-2009:046 (dia)
2009-02-23 00:00:00
Fedora Core 10 FEDORA-2009-0943 (dia)
2009-02-02 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : dia (MDVSA-2009:046-1)
2009-12-09 00:00:00
Mandriva Linux Security Advisory : dia (MDVSA-2009:040)
2009-04-23 00:00:00
freebsd
freebsd
dia -- remote command execution vulnerability
2009-01-26 00:00:00
osv
osv
dia-0.97.3-4.13 on GA media
2024-06-15 00:00:00
cvelist
cvelist
CVE-2008-5984
2009-01-28 11:00:00
prion
prion
Design/Logic Flaw
2009-01-28 11:30:00
debiancve
debiancve
CVE-2008-5984
2009-01-28 11:30:00
ubuntucve
ubuntucve
CVE-2008-5984
2009-01-28 00:00:00
nvd
nvd
CVE-2008-5984
2009-01-28 11:30:00
cve
cve
CVE-2008-5984
2009-01-28 11:30:00