[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] CVE id request: blender
From: Steffen Joeris <steffen.joeris () skolelinux ! de>
Date: 2008-10-27 6:57:58
Message-ID: 200810271758.03646.steffen.joeris () skolelinux ! de
[Download RAW message or body]
Hi
There is a programming error in blender that can lead to arbitrary code
execution.
Description:
Blender's BPY_interface calls PySys_SetArgv such that Python prepends
sys.path with an empty string. This allows the possibility to run
arbitrary code on the user's system if there is a python file in
Blender's working directory named the same as one that Blender's python
scripts try to import.
Debian Bug report:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632
Could I please get a CVE id for this?
Cheers
Steffen
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic