CVE-2008-5986

Name: CVE-2008-5986
Description: Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium (attack range: local)
Debian Bugs: 504359

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| csound (PTS) | jessie | 1:6.03.2~dfsg-1 | fixed |
| csound | stretch | 1:6.08.0~dfsg-1 | fixed |
| csound | buster, sid | 1:6.12.2~dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

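| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| csound | source | (unstable) | 5.08.2~dfsg-1.1 | low | | 504359 |
| csound | source | etch | (not affected) | | | |
| csound | source | lenny | 1:5.08.0.dfsg2-8+lenny2 | low | | 504359 |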

Notes

[etch] - csound <not-affected> (Vulnerable code not present)
