python-updater: Untrusted search path — GLSA 201009-08

An untrusted search path vulnerability in python-updater might result in the execution of arbitrary code.

Affected Packages

app-admin/python-updater on all architectures
Affected versions < 0.7-r1
Unaffected versions >= 0.7-r1

Background

python-updater is a script used to remerge python packages when changing Python version.

Description

Robert Buchholz of the Gentoo Security Team reported that python-updater includes the current working directory and subdirectories in the Python module search path (sys.path) before calling "import".

Impact

A local attacker could entice the root user to run "python-updater" from a directory containing a specially crafted Python module, resulting in the execution of arbitrary code with root privileges.

Workaround

Do not run "python-updater" from untrusted working directories.

Resolution

All python-updater users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-admin/python-updater-0.7-r1"

References

Release Date
September 21, 2010

Latest Revision
September 21, 2010: 01

Severity
high

Exploitable
local

Bugzilla entries