CVE-2011-4944
EUVD-2011-485327.08.2012, 23:55
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| python | python | 2.6.1 |
| python | python | 2.6.2 |
| python | python | 2.6.3 |
| python | python | 2.6.4 |
| python | python | 2.6.5 |
| python | python | 2.6.6 |
| python | python | 2.6.7 |
| python | python | 2.6.8 |
| python | python | 2.6.2150 |
| python | python | 2.6.6150 |
| python | python | 2.7.1 |
| python | python | 2.7.1:rc1 |
| python | python | 2.7.2:rc1 |
| python | python | 2.7.3 |
| python | python | 2.7.1150 |
| python | python | 2.7.1150 |
| python | python | 2.7.2150 |
| python | python | 3.0 |
| python | python | 3.0.1 |
| python | python | 3.1 |
| python | python | 3.1.1 |
| python | python | 3.1.2 |
| python | python | 3.1.3 |
| python | python | 3.1.4 |
| python | python | 3.1.5 |
| python | python | 3.1.2150 |
| python | python | 3.2 |
| python | python | 3.2:alpha |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.4 |
| ||||||||||||||||||
| python2.5 |
| ||||||||||||||||||
| python2.6 |
| ||||||||||||||||||
| python2.7 |
| ||||||||||||||||||
| python3.1 |
| ||||||||||||||||||
| python3.2 |
| ||||||||||||||||||
| python3.3 |
|
Common Weakness Enumeration
References