CVE-2011-4944

Published: 27/08/2012 Updated: 25/10/2019
CVSS v2 Base Score: 1.9 | Impact Score: 2.9 | Exploitability Score: 3.4
VMScore: 169
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Python 2.6 up to and including 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

Vulnerable Product

python python 2.6.2

python python 2.6.5

python python 2.7.2

python python 2.7.1

python python 3.2

python python 2.6.2150

python python 2.6.6

python python 2.6.4

python python 2.7.2150

python python 3.0.1

python python 3.0

python python 2.6.7

python python 2.6.8

python python 2.6.1

python python 2.6.3

python python 2.7.1150

python python 3.1.2

python python 3.1.1

python python 3.1.4

python python 3.1.3

python python 2.6.6150

python python 3.1.2150

python python 3.1

python python 2.7.3

python python 3.1.5

Vendor Advisories

Debian Bug report logs - #615118 python2.6: distutils creates pypirc insecurely; Package: python2.6; Maintainer for python2.6 is (unknown); Reported by: Jakub Wilk <jwilk@debian.org>; Date: Fri, 25 Feb 2011 21:09:01 UTC; Severity: important; Tags: security; Found in version python2.6/2.6.6-8; Fixed in version python2.6/2.6.8-1 ...
Synopsis: Moderate: python security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability ...
Synopsis: Moderate: python security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability ...
A denial of service flaw was found in the implementation of associative arrays (dictionaries) in Python. An attacker able to supply a large number of inputs to a Python application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, ...
Several security issues were fixed in Python 2.7 ...
Several security issues were fixed in Python 3.2 ...
Several security issues were fixed in Python 2.4 ...
Several security issues were fixed in Python 3.1 ...
Several security issues were fixed in Python 2.5 ...
Several security issues were fixed in Python 2.6 ...