Published: 23/09/2013 Updated: 22/04/2019

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 111

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Vulnerable Product	Search on Vulmon	Subscribe to Product
jeff ortel suds 0.4
redhat enterprise linux 6.0
redhat enterprise linux 5
opensuse opensuse 12.2
opensuse opensuse 12.3

Debian Bug report logs - #714340 suds: CVE-2013-2217: Insecure temporary directory use when initializing file-based URL cache Package: suds; Maintainer for suds is Scott Talbert <swt@techienet>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 28 Jun 2013 05:27:01 UTC Severity: important Tags: securi ...

Suds could be made to overwrite files ...

cachepy in Suds 04, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/ ...

CWE-59 http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html http://www.openwall.com/lists/oss-security/2013/06/27/8 https://bugzilla.redhat.com/show_bug.cgi?id=978696 http://www.ubuntu.com/usn/USN-2008-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714340 https://usn.ubuntu.com/2008-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-2217

CVE-2013-2217

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect