Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21590
HistoryApr 07, 2009 - 12:00 a.m.

[ GLSA 200904-06 ] Eye of GNOME: Untrusted search path

2009-04-0700:00:00
vulners.com
15
JSON

Gentoo Linux Security Advisory GLSA 200904-06

                                        http://security.gentoo.org/

Severity: Normal
Title: Eye of GNOME: Untrusted search path
Date: April 06, 2009
Bugs: #257002
ID: 200904-06

Synopsis

An untrusted search path vulnerability in the Eye of GNOME might result
in the execution of arbitrary code.

Background

The Eye of GNOME is the official image viewer for the GNOME Desktop
environment.

Affected packages

-------------------------------------------------------------------
 Package        /   Vulnerable   /                      Unaffected
-------------------------------------------------------------------

1 media-gfx/eog < 2.22.3-r3 >= 2.22.3-r3

Description

James Vega reported an untrusted search path vulnerability in the
GObject Python interpreter wrapper in the Eye of GNOME, a vulnerabiliy
related to CVE-2008-5983.

Impact

A local attacker could entice a user to run the Eye of GNOME from a
directory containing a specially crafted python module, resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround

Do not run "eog" from untrusted working directories.

Resolution

All Eye of GNOME users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=media-gfx/eog-2.22.3-r3&quot;

References

[ 1 ] CVE-2008-5983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5983
[ 2 ] CVE-2008-5987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5987

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200904-06.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2009 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

prion 10
gentoo 2
nessus 18
openvas 30
cve 10
debiancve 9
ubuntucve 10
securityvulns 2
veracode 1
freebsd 1
seebug 1
fedora 4
redhat 1
oraclelinux 2
ubuntu 4
prion
prion
Design/Logic Flaw
2009-01-28 11:30:00
Design/Logic Flaw
2009-01-28 02:30:00
Design/Logic Flaw
2009-01-28 11:30:00
gentoo
gentoo
Eye of GNOME: Untrusted search path
2009-04-06 00:00:00
gedit: Untrusted search path
2009-03-30 00:00:00
nessus
nessus
GLSA-200904-06 : Eye of GNOME: Untrusted search path
2009-04-07 00:00:00
Mandriva Linux Security Advisory : eog (MDVSA-2009:063)
2009-04-23 00:00:00
FreeBSD : epiphany -- untrusted search path vulnerability (e848a92f-0e7d-11de-92de-000bcdc1757a)
2009-03-12 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200904-06 (eog)
2009-04-15 00:00:00
Gentoo Security Advisory GLSA 200904-06 (eog)
2009-04-15 00:00:00
Mandrake Security Advisory MDVSA-2009:063 (eog)
2009-03-07 00:00:00
cve
cve
CVE-2008-5987
2009-01-28 11:30:00
CVE-2008-5983
2009-01-28 02:30:00
CVE-2008-5986
2009-01-28 11:30:00
debiancve
debiancve
CVE-2008-5987
2009-01-28 11:30:00
CVE-2009-0314
2009-01-28 11:30:00
CVE-2009-0316
2009-01-28 11:30:00
ubuntucve
ubuntucve
CVE-2008-5987
2009-01-28 00:00:00
CVE-2008-5983
2009-01-27 00:00:00
CVE-2008-5986
2009-01-28 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:063 ] eog
2009-03-04 00:00:00
blender / gedit / gnumeric / vim / eog python scripts code execution
2009-04-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:53:08
freebsd
freebsd
epiphany -- untrusted search path vulnerability
2009-01-26 00:00:00
seebug
seebug
XChat PySys_SetArgvε‡½ζ•°ε‘½δ»€ζ‰§θ‘ŒζΌζ΄ž
2009-03-05 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: gnumeric-1.8.2-6.fc10
2009-02-05 02:15:12
[SECURITY] Fedora 13 Update: python3-3.1.2-7.fc13
2010-09-04 04:58:36
[SECURITY] Fedora 13 Update: python-2.6.4-27.fc13
2010-06-14 17:09:57
redhat
redhat
(RHSA-2011:0027) Low: python security, bug fix, and enhancement update
2011-01-13 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2011-05-28 00:00:00
python security, bug fix, and enhancement update
2011-01-20 00:00:00
ubuntu
ubuntu
Python 3.1 vulnerabilities
2012-10-24 00:00:00
Python 2.6 vulnerabilities
2012-10-04 00:00:00
Python 2.5 vulnerabilities
2012-10-17 00:00:00
JSON
Related for SECURITYVULNS:DOC:21590
prion10gentoo2nessus18openvas30cve10debiancve9ubuntucve10securityvulns2veracode1freebsd1seebug1fedora4redhat1oraclelinux2ubuntu4