CVE-2008-4863
Published: 1 November 2008
Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.
Priority
Status
Package | Release | Status |
---|---|---|
blender Launchpad, Ubuntu, Debian |
dapper |
Released
(2.41-1ubuntu4.1)
|
gutsy |
Released
(2.44-2ubuntu2.1)
|
|
hardy |
Released
(2.45-4ubuntu1.1)
|
|
intrepid |
Released
(2.46+dfsg-4ubuntu0.1)
|
|
upstream |
Released
(2.46+dfsg-5)
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/blender/2.42a-8/01_sanitize_sys.path |