Lucene search

K
cve[email protected]CVE-2011-4944
HistoryAug 27, 2012 - 11:55 p.m.

CVE-2011-4944

2012-08-2723:55:01
CWE-264
web.nvd.nist.gov
180
cve
python
.pypirc
credentials
security
race condition
nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.1

Confidence

High

EPSS

0

Percentile

10.1%

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

Affected configurations

NVD
Node
pythonpythonMatch2.6.1
OR
pythonpythonMatch2.6.2
OR
pythonpythonMatch2.6.3
OR
pythonpythonMatch2.6.4
OR
pythonpythonMatch2.6.5
OR
pythonpythonMatch2.6.6
OR
pythonpythonMatch2.6.7
OR
pythonpythonMatch2.6.8
OR
pythonpythonMatch2.6.2150
OR
pythonpythonMatch2.6.6150
OR
pythonpythonMatch2.7.1
OR
pythonpythonMatch2.7.1rc1
OR
pythonpythonMatch2.7.2rc1
OR
pythonpythonMatch2.7.3
OR
pythonpythonMatch2.7.1150
OR
pythonpythonMatch2.7.1150x64
OR
pythonpythonMatch2.7.2150
OR
pythonpythonMatch3.0
OR
pythonpythonMatch3.0.1
OR
pythonpythonMatch3.1
OR
pythonpythonMatch3.1.1
OR
pythonpythonMatch3.1.2
OR
pythonpythonMatch3.1.3
OR
pythonpythonMatch3.1.4
OR
pythonpythonMatch3.1.5
OR
pythonpythonMatch3.1.2150x64
OR
pythonpythonMatch3.2
OR
pythonpythonMatch3.2alpha
VendorProductVersionCPE
pythonpython3.1cpe:/a:python:python:3.1:::
pythonpython3.2cpe:/a:python:python:3.2:::
pythonpython2.6.6cpe:/a:python:python:2.6.6:::
pythonpython3.0.1cpe:/a:python:python:3.0.1:::
pythonpython2.7.1cpe:/a:python:python:2.7.1:::
pythonpython2.6.8cpe:/a:python:python:2.6.8:::
pythonpython2.7.2cpe:/a:python:python:2.7.2:rc1::
pythonpython3.0cpe:/a:python:python:3.0:::
pythonpython2.6.2cpe:/a:python:python:2.6.2:::
pythonpython2.7.1150cpe:/a:python:python:2.7.1150:::
Rows per page:
1-10 of 271

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.1

Confidence

High

EPSS

0

Percentile

10.1%