CVE-2005-1632

Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/.

Published Bycve@mitre.org

Published DateMay 17, 2005, 04:00

Affected Versions(1)

cheetah(PyPI)

Introduced0.9.15

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
cheetah(PyPI)	0.9.15	N/A	N/A

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.2

Vector String

AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE

References

http://secunia.com/advisories/15386
http://sourceforge.net/mailarchive/forum.php?thread_id=7070332&forum_id=1542
http://www.osvdb.org/16622

Weakness Type (CWE):NVD-CWE-Other

CVSS Metrics

Base Score

7.2

Vector String

AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE