CVE-2014-1624

Published: 28/01/2014 Updated: 29/08/2017
CVSS v2 Base Score: 3.3 | Impact Score: 4.9 | Exploitability Score: 3.4
VMScore: 294
Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Summary

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
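
A defensive check for the /tmp fallback pattern described above, as an added example that is not pyxdg's code or its fix: the hypothetical helper safe_fallback_dir creates the directory atomically, then accepts it only if lstat shows a real directory owned by the caller with no group or other permissions. It assumes the parent is a sticky directory such as /tmp, so that an entry verified as the caller's own cannot be renamed or replaced by another user afterwards; the scratch paths in demo() are constructed test data.

```python
import os
import stat
import tempfile


def safe_fallback_dir(parent, name, uid=None):
    """Return parent/name only if it is a private directory owned by uid.

    Hypothetical helper for illustration; not part of pyxdg's API.
    """
    uid = os.getuid() if uid is None else uid
    path = os.path.join(parent, name)
    try:
        # mkdir never follows a symlink at the final component and fails
        # atomically if any entry with this name already exists.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # pre-existing entry: trust it only after the checks below
    st = os.lstat(path)  # lstat describes the entry itself, not a link target
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != uid:
        raise PermissionError(f"{path} is owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise PermissionError(f"{path} is accessible to other users")
    return path


def demo():
    """Run the helper against constructed entries in a scratch directory."""
    parent = tempfile.mkdtemp()  # stands in for /tmp (constructed test data)
    results = {"fresh": os.path.basename(safe_fallback_dir(parent, "fresh"))}
    # Constructed case: the name already exists as a symlink.
    target = os.path.join(parent, "elsewhere")
    os.mkdir(target, 0o700)
    os.symlink(target, os.path.join(parent, "planted"))
    # Constructed case: a directory that other users can enter.
    os.mkdir(os.path.join(parent, "loose"))
    os.chmod(os.path.join(parent, "loose"), 0o755)
    for name in ("planted", "loose"):
        try:
            safe_fallback_dir(parent, name)
            results[name] = "accepted"
        except PermissionError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```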

Vulnerable Product

python pyxdg 0.25

Vendor Advisories

Debian Bug report logs - #736247 python-xdg: get_runtime_dir(strict=False): insecure use of /tmp (CVE-2014-1624) Package: python-xdg; Maintainer for python-xdg is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Source for python-xdg is src:pyxdg Reported by: Jakub Wilk <jwil ...