
Bug 92926

Summary: dev-python/cheetah Insecure Module Importing
Product: Gentoo Security
Reporter: Sune Kloppenborg Jeppesen (RETIRED) <jaervosz>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: python
Priority: High
Version: unspecified
Hardware: All
OS: Other
URL: http://secunia.com/advisories/15386/
Whiteboard: B2 [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-17 08:00:20 UTC
Description:
Brian Bird has reported a vulnerability in Cheetah, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to Cheetah searching for modules in the world-writable "/tmp" directory before looking in the PythonPath when importing modules. This can be exploited to execute arbitrary code with escalated privileges by placing a malicious module in the "/tmp" directory.

Solution:
The vulnerability has been fixed in version 0.9.17-rc1.

Provided and/or discovered by:
Brian Bird
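As an added example (not part of the bug report and not Cheetah's own code), the following Python audits a module search path for the pattern described in the advisory: a directory that any local user can write to sitting ahead of the trusted locations, so that a file planted there satisfies an `import` before the genuine module is reached. It generalizes beyond "/tmp" to any world-writable entry, and the mitigation shown (dropping such directories from the path entirely) is a general hardening step, not the change made in 0.9.17-rc1, which the report does not describe. The function names, the `site-packages` marker used to locate the first trusted entry, and the sample path entries and modes are assumptions constructed for the example.

```python
import os
import stat
import sys
from typing import Callable, Dict, List, Optional, Sequence, Tuple

# Added example, not Cheetah's code. A library that prepends a shared
# scratch directory (such as /tmp) to the module search path lets any local
# user who can create a file there answer an `import` first.

ModeLookup = Callable[[str], Optional[int]]


def real_mode(path: str) -> Optional[int]:
    """st_mode of a search-path entry, or None if it does not exist.
    An empty entry in sys.path means the current working directory."""
    try:
        return os.stat(path or os.curdir).st_mode
    except OSError:
        return None


def is_writable_by_others(mode: int) -> bool:
    """True for a directory whose 'other' write bit is set: any local user
    may create new files in it.  The sticky bit (as on /tmp) only stops users
    deleting each other's files, so it does not make the directory safe to
    import from."""
    return stat.S_ISDIR(mode) and bool(mode & stat.S_IWOTH)


def audit_search_path(entries: Sequence[str],
                      mode_of: ModeLookup = real_mode,
                      trusted_marker: str = "site-packages") -> List[Tuple[int, str]]:
    """Return (index, entry) for every world-writable directory searched
    *before* the first trusted entry (the first path containing
    trusted_marker, an assumed convention).  Those are the entries that can
    shadow modules the trusted location provides, which is the situation
    the advisory describes."""
    first_trusted = next((i for i, e in enumerate(entries) if trusted_marker in e),
                         len(entries))
    findings = []
    for index, entry in enumerate(entries[:first_trusted]):
        mode = mode_of(entry)
        if mode is not None and is_writable_by_others(mode):
            findings.append((index, entry))
    return findings


def hardened_search_path(entries: Sequence[str],
                         mode_of: ModeLookup = real_mode) -> List[str]:
    """Mitigation: remove every world-writable directory from the search path
    rather than merely moving it later.  A shared scratch directory should
    not be an import location at all, whatever its position."""
    kept = []
    for entry in entries:
        mode = mode_of(entry)
        if mode is not None and is_writable_by_others(mode):
            continue
        kept.append(entry)
    return kept


# Constructed sample: a search path as the vulnerable layout would build it,
# with made-up st_mode values (0o41777 = sticky, world-writable directory).
SAMPLE_PATH = ["/tmp", "", "/home/alice/app", "/usr/lib/python2.4/site-packages"]
SAMPLE_MODES: Dict[str, int] = {
    "/tmp": 0o41777,
    "": 0o40755,
    "/home/alice/app": 0o40755,
    "/usr/lib/python2.4/site-packages": 0o40755,
}


if __name__ == "__main__":
    print("constructed sample:", audit_search_path(SAMPLE_PATH, mode_of=SAMPLE_MODES.get))
    print("hardened sample:", hardened_search_path(SAMPLE_PATH, mode_of=SAMPLE_MODES.get))
    # Live check of this interpreter: does it trust a directory other users can write to?
    for index, entry in audit_search_path(sys.path):
        print("sys.path[%d] = %r is world-writable and precedes site-packages" % (index, entry))
```

Passing `mode_of` as a parameter keeps the audit testable without touching the filesystem; the default uses the real `os.stat` so the same function can be run against a live `sys.path` at process start-up.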
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-05-17 10:28:59 UTC
Python team, please bump
Comment 2 Rob Cakebread (RETIRED) gentoo-dev 2005-05-17 14:10:03 UTC
Bumped to 0.9.17-rc1 in CVS, removed vulnerable versions.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-17 14:19:59 UTC
Thx for the swift reaction. Committed directly to stable, this one is ready for GLSA.
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-19 10:02:00 UTC
GLSA 200505-14