Published: 31/12/2011 Updated: 01/02/2012

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

virtualenv.py in virtualenv prior to 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python virtualenv 1.4.7
python virtualenv 1.4.6
python virtualenv 1.3.4
python virtualenv 1.3.3
python virtualenv 1.3.2
python virtualenv 0.9.2
python virtualenv 0.9.1
python virtualenv 1.4.3
python virtualenv 1.4.2
python virtualenv 1.2
python virtualenv 1.1.1
python virtualenv 0.8.3
python virtualenv 0.8.2
python virtualenv 1.4.5
python virtualenv 1.4.4
python virtualenv 1.3.1
python virtualenv 1.3
python virtualenv 0.9
python virtualenv 0.8.4
python virtualenv
python virtualenv 1.4.8
python virtualenv 1.4.1
python virtualenv 1.4
python virtualenv 1.1
python virtualenv 1.0
python virtualenv 0.8.1
python virtualenv 0.8

Debian Bug report logs - #652653 python-virtualenv: insecure /tmp file handling Package: python-virtualenv; Maintainer for python-virtualenv is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Source for python-virtualenv is src:python-virtualenv (PTS, buildd, popcon) Reported by: Nico Golde <nion ...

CWE-59 http://openwall.com/lists/oss-security/2011/12/19/5 http://openwall.com/lists/oss-security/2011/12/19/2 https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5 http://openwall.com/lists/oss-security/2011/12/19/4 http://secunia.com/advisories/47240 http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652653 https://nvd.nist.gov

CVE-2011-4617

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect