CVE-2014-2667
EUVD-2014-269916.11.2014, 01:59
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| python | python | 3.2.0 |
| python | python | 3.2.1 |
| python | python | 3.2.2 |
| python | python | 3.2.3 |
| python | python | 3.2.4 |
| python | python | 3.2.5 |
| python | python | 3.2.6 |
| python | python | 3.3.0 |
| python | python | 3.3.1 |
| python | python | 3.3.2 |
| python | python | 3.3.3 |
| python | python | 3.3.4 |
| python | python | 3.3.5 |
| python | python | 3.3.6 |
| python | python | 3.4.0 |
| python | python | 3.4.1 |
| python | python | 3.4.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| python2.7 |
| ||||||||||||||||||||||||||||
| python3.2 |
| ||||||||||||||||||||||||||||
| python3.4 |
|
References