CVE-2008-4863

Published: 1 November 2008

Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.

Priority

Status

Package	Release	Status
blender Launchpad, Ubuntu, Debian	dapper	Released (2.41-1ubuntu4.1)
	gutsy	Released (2.44-2ubuntu2.1)
	hardy	Released (2.45-4ubuntu1.1)
	intrepid	Released (2.46+dfsg-4ubuntu0.1)
	upstream	Released (2.46+dfsg-5)
	Patches: vendor: http://patch-tracking.debian.net/patch/series/view/blender/2.42a-8/01_sanitize_sys.path

References

https://ubuntu.com/security/notices/USN-699-1
https://www.cve.org/CVERecord?id=CVE-2008-4863
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.