Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 1.9
CVE Id: CVE-2011-4944
Last Modified: 30 Oct 2013 11:21:29
Published: 27 Aug 2012 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2011-4944

Summary

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
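
The write-then-chmod pattern described in the summary, beside an owner-only creation, as an added example that is not code from this page or from Python's distutils. The helper names `write_racy` and `write_private`, the file names, and the placeholder credentials are assumptions constructed for illustration; it assumes a POSIX system.

```python
import os
import stat
import tempfile

# Constructed sample content; the credentials are placeholders.
SAMPLE = "[pypi]\nusername:alice\npassword:example-only\n"


def write_racy(path, data):
    """Pattern from the summary: create with the default mode, chmod afterwards."""
    with open(path, "w") as f:            # mode is 0666 & ~umask, commonly 0644
        f.write(data)
        f.flush()                         # secret is on disk at this point
        exposed = stat.S_IMODE(os.fstat(f.fileno()).st_mode)
    os.chmod(path, 0o600)                 # tightened only after the write
    return exposed                        # mode other local users saw meanwhile


def write_private(path, data):
    """Owner-only from the first syscall, including for a pre-existing file."""
    fd = os.open(path, os.O_CREAT | os.O_WRONLY | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        os.fchmod(fd, 0o600)              # the open() mode is ignored if the file existed
        mode_at_write = stat.S_IMODE(os.fstat(fd).st_mode)
        f.write(data)
    return mode_at_write


def demo():
    """Return the mode in force while the data was written, for three cases."""
    old_umask = os.umask(0o022)           # fixed umask so the result is deterministic
    try:
        with tempfile.TemporaryDirectory() as d:
            racy = write_racy(os.path.join(d, "racy.pypirc"), SAMPLE)
            fresh = write_private(os.path.join(d, "fresh.pypirc"), SAMPLE)
            stale = os.path.join(d, "stale.pypirc")
            open(stale, "w").close()      # pre-existing file, created 0644
            fixed = write_private(stale, SAMPLE)
            return racy, fresh, fixed
    finally:
        os.umask(old_umask)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

The third case matters when auditing existing hosts: a `~/.pypirc` left world-readable by an affected version stays that way unless the permissions are tightened before the next write.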

Vulnerable Systems

Application

  • Python 2.6

  • Python 2.6.1

  • Python 2.6.2

  • Python 2.6.2150

  • Python 2.6.3

  • Python 2.6.4

  • Python 2.6.5

  • Python 2.6.6

  • Python 2.6.6150

  • Python 2.6.7

  • Python 2.6.8

  • Python 2.7

  • Python 2.7.1

  • Python 2.7.1150

  • Python 2.7.2

  • Python 2.7.2150

  • Python 2.7.3

  • Python 3.0

  • Python 3.0.1

  • Python 3.1

  • Python 3.1.1

  • Python 3.1.2

  • Python 3.1.2150

  • Python 3.1.3

  • Python 3.1.4

  • Python 3.1.5

  • Python 3.2


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=758905

MLIST - [oss-security] 20120327 Re: CVE request: distutils creates ~/.pypirc insecurely

MLIST - [oss-security] 20120327 CVE request: distutils creates ~/.pypirc insecurely

CONFIRM - http://bugs.python.org/issue13512

CONFIRM - http://bugs.python.org/file23824/pypirc-secure.diff

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555

UBUNTU - USN-1596-1

UBUNTU - USN-1613-2

UBUNTU - USN-1615-1

UBUNTU - USN-1613-1

UBUNTU - USN-1592-1

SECUNIA - 51089

UBUNTU - USN-1616-1

SECUNIA - 51087

SECUNIA - 51040

SECUNIA - 51024

SECUNIA - 50858

APPLE - APPLE-SA-2013-10-22-3

Related Patches

Red Hat 2012:0745-01 RHSA Moderate: python security update for RHEL 5 x86

Red Hat 2012:0745-01 RHSA Moderate: python security update for RHEL 5 x86_64

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 i586


Last Updated: 27 May 2016 11:00:22