CVE-2013-2217

Published: 23/09/2013 Updated: 22/04/2019

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 111

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jeff ortel suds 0.4
redhat enterprise linux 6.0
opensuse opensuse 12.3
redhat enterprise linux 5
opensuse opensuse 12.2

Suds could be made to overwrite files ...

Debian Bug report logs - #714340 suds: CVE-2013-2217: Insecure temporary directory use when initializing file-based URL cache Package: suds; Maintainer for suds is Scott Talbert <swt@techienet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 28 Jun 2013 05:27:01 UTC Severity: important Tags: securi ...

cachepy in Suds 04, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/ ...

CWE-59 http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html http://www.openwall.com/lists/oss-security/2013/06/27/8 https://bugzilla.redhat.com/show_bug.cgi?id=978696 http://www.ubuntu.com/usn/USN-2008-1 https://nvd.nist.gov https://usn.ubuntu.com/2008-1/https://access.redhat.com/security/cve/cve-2013-2217

CVE-2013-2217

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect