[LAU] Csound Security Notice

From: David L. Craig <dlc@email-addr-hidden>
Date: Fri Jan 30 2009 - 15:05:30 EET

Csound 'PySys_SetArgv' Remote Command Execution Vulnerability
BugTraq ID: 33446
Remote: Yes
Last Updated: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33446
Summary:
Csound is prone to a remote command-execution vulnerability.

An attacker could exploit this issue by enticing an unsuspecting
victim to execute the vulnerable application in a directory
containing a malicious Python file. A successful exploit will
allow arbitrary Python commands to run with the privileges of
the currently logged-in user.

-- 
May the LORD God bless you exceedingly abundantly!
Dave Craig
-  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -  -
"'So the universe is not quite as you thought it was.
 You'd better rearrange your beliefs, then.
 Because you certainly can't rearrange the universe.'"
--from _Nightfall_  by Asimov/Silverberg
_______________________________________________
Linux-audio-user mailing list
Linux-audio-user@email-addr-hidden
http://lists.linuxaudio.org/mailman/listinfo/linux-audio-user
Received on Fri Jan 30 16:15:02 2009

This archive was generated by hypermail 2.1.8 : Fri Jan 30 2009 - 16:15:03 EET