Lucene search

K
cve[email protected]CVE-2011-4944
HistoryAug 27, 2012 - 11:55 p.m.

CVE-2011-4944

2012-08-2723:55:01
CWE-264
web.nvd.nist.gov
178
cve
python
.pypirc
credentials
security
race condition
nvd

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

Affected configurations

NVD
Node
pythonpythonMatch2.6.1
OR
pythonpythonMatch2.6.2
OR
pythonpythonMatch2.6.3
OR
pythonpythonMatch2.6.4
OR
pythonpythonMatch2.6.5
OR
pythonpythonMatch2.6.6
OR
pythonpythonMatch2.6.7
OR
pythonpythonMatch2.6.8
OR
pythonpythonMatch2.6.2150
OR
pythonpythonMatch2.6.6150
OR
pythonpythonMatch2.7.1
OR
pythonpythonMatch2.7.1rc1
OR
pythonpythonMatch2.7.2rc1
OR
pythonpythonMatch2.7.3
OR
pythonpythonMatch2.7.1150
OR
pythonpythonMatch2.7.1150x64
OR
pythonpythonMatch2.7.2150
OR
pythonpythonMatch3.0
OR
pythonpythonMatch3.0.1
OR
pythonpythonMatch3.1
OR
pythonpythonMatch3.1.1
OR
pythonpythonMatch3.1.2
OR
pythonpythonMatch3.1.3
OR
pythonpythonMatch3.1.4
OR
pythonpythonMatch3.1.5
OR
pythonpythonMatch3.1.2150x64
OR
pythonpythonMatch3.2
OR
pythonpythonMatch3.2alpha

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

8.1 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%