[Python-modules-team] Bug#736247: Fwd: Bug#736247: python-xdg: get_runtime_dir(strict=False): insecure use of /tmp

cve-assign at mitre.org cve-assign at mitre.org
Tue Jan 21 18:08:21 UTC 2014



> as reported by Jakub Wilk in http://bugs.debian.org/736247, there is a
> TOCTOU failure in python's xdg module
> 
> 1) Create symlink /tmp/pyxdg-runtime-dir-fallback-victim, pointing to a 
> directory owned by the victim

Use CVE-2014-1624.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
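
An added example, not part of the original message and not pyxdg's code: one way a fallback directory under a shared location such as /tmp can be created and validated so that a pre-planted symlink like the one in the quoted step is refused. The names `safe_fallback_dir`, `UnsafeRuntimeDir` and `demo`, and the directory names used in the demo, are hypothetical.

```python
import os
import stat
import tempfile


class UnsafeRuntimeDir(Exception):
    """The fallback path exists but cannot be trusted."""


def safe_fallback_dir(base, name, uid=None):
    """Create or validate base/name as a private directory (hypothetical helper)."""
    uid = os.getuid() if uid is None else uid
    path = os.path.join(base, name)
    try:
        os.mkdir(path, 0o700)  # atomic; never follows a symlink at the last component
    except FileExistsError:
        pass  # something is already there: validate it below
    try:
        # O_NOFOLLOW makes a planted symlink fail here instead of being resolved.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRuntimeDir(f"{path}: not a real directory") from exc
    try:
        st = os.fstat(fd)  # inspect the opened object, not the name
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != uid:
            raise UnsafeRuntimeDir(f"{path}: owned by uid {st.st_uid}")
        if mode != 0o700:
            raise UnsafeRuntimeDir(f"{path}: mode {mode:o}, expected 700")
    finally:
        os.close(fd)
    return path


def demo():
    """Run the check on constructed cases inside a scratch directory."""
    def verdict(base, name):
        try:
            safe_fallback_dir(base, name)
            return "accepted"
        except UnsafeRuntimeDir:
            return "rejected"

    with tempfile.TemporaryDirectory() as base:
        os.mkdir(os.path.join(base, "elsewhere"), 0o700)
        os.symlink(os.path.join(base, "elsewhere"), os.path.join(base, "linked"))
        os.mkdir(os.path.join(base, "loose"))
        os.chmod(os.path.join(base, "loose"), 0o755)
        return {n: verdict(base, n) for n in ("fresh", "fresh", "linked", "loose")}
```

Checking ownership and mode on the opened descriptor rather than on the path name keeps the check and the object it describes tied together.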