Arbitrary Code Execution via python-dbusmock AddTemplate() Method

Arbitrary Code Execution via python-dbusmock AddTemplate() Method

CVE-2015-1326 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.

Learn more about our Cis Benchmark Audit For Server Software.