Date: Mon, 27 Oct 2008 17:57:58 +1100 From: Steffen Joeris <steffen.joeris@...lelinux.de> To: oss-security <oss-security@...ts.openwall.com> Cc: coley@...re.org Subject: CVE id request: blender Hi There is a programming error in blender that can lead to arbitrary code execution. Description: Blender's BPY_interface calls PySys_SetArgv such that Python prepends sys.path with an empty string. This allows the possibility to run arbitrary code on the user's system if there is a python file in Blender's working directory named the same as one that Blender's python scripts try to import. Debian Bug report: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=503632 Could I please get a CVE id for this? Cheers Steffen Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.