GitHub Advisory Database: GHSA-7372-Q459-JXHR
History: May 17, 2022 - 1:27 a.m.

pyxdg Arbitrary File Overwrite via Race Condition

2022-05-17 01:27:07
CWE-59
GitHub Advisory Database
github.com
Tags: pyxdg, basedirectory, get_runtime_dir, race condition, arbitrary files, local users, overwrite

CVSS2: 3.3 (AV:L/AC:M/Au:N/C:N/I:P/A:P)
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0 (Percentile: 5.1%)

Race condition in the xdg.BaseDirectory.get_runtime_dir function in pyxdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
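The defensive counterpart to the description above, as an added example that is not pyxdg's own code: a helper that creates a private fallback directory and then refuses to use it if what sits at that path is a symlink, is not a directory, is owned by someone else, or is readable by other users. The function name `ensure_private_dir`, the exception class and the demo paths are assumptions made for this illustration; the check relies on `os.lstat`, which reports on the path entry itself rather than following a planted link.

```python
import os
import stat
import tempfile


class UnsafeRuntimeDir(Exception):
    """Raised when the fallback path is not a private directory we own."""


def ensure_private_dir(path: str) -> str:
    """Create `path` as a 0700 directory if missing, then verify it.

    Hypothetical helper (not pyxdg's implementation).  os.lstat is used so a
    symlink planted at `path` is reported as a symlink instead of being
    followed to wherever it points; any of: symlink, non-directory, foreign
    owner, or group/other permission bits causes a hard rejection.
    """
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # something already exists there; the checks below decide if it is ours
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeRuntimeDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeRuntimeDir(f"{path} is not a directory")
    if st.st_uid != os.getuid():
        raise UnsafeRuntimeDir(f"{path} is owned by uid {st.st_uid}, not by us")
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o700:
        raise UnsafeRuntimeDir(f"{path} has mode {oct(mode)}, expected 0o700")
    return path


def run_demo() -> tuple:
    """Constructed scenario in a throwaway directory: a fresh path (accepted),
    a pre-planted symlink (rejected) and a world-readable directory (rejected)."""
    with tempfile.TemporaryDirectory() as base:
        fresh = os.path.join(base, "pyxdg-runtime-dir-fallback-demo")
        created_ok = ensure_private_dir(fresh) == fresh

        # A link pointing somewhere else, created before the library runs.
        elsewhere = os.path.join(base, "some-other-location")
        os.mkdir(elsewhere)
        planted = os.path.join(base, "pyxdg-runtime-dir-fallback-planted")
        os.symlink(elsewhere, planted)
        try:
            ensure_private_dir(planted)
            symlink_rejected = False
        except UnsafeRuntimeDir:
            symlink_rejected = True

        # A real directory, but with permissions that let other users read it.
        loose = os.path.join(base, "pyxdg-runtime-dir-fallback-loose")
        os.mkdir(loose)
        os.chmod(loose, 0o755)  # explicit so the result does not depend on umask
        try:
            ensure_private_dir(loose)
            loose_rejected = False
        except UnsafeRuntimeDir:
            loose_rejected = True
    return created_ok, symlink_rejected, loose_rejected


if __name__ == "__main__":
    print(run_demo())
```

The remaining window between `os.lstat` and later use is closed by the sticky bit on `/tmp`: an unprivileged user cannot rename or unlink a directory they do not own there, so once a directory has passed these checks it cannot be swapped for a link by another local user.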

Affected configurations

Vulners node: python / pyxdg, range 0.25

Vendor | Product | Version | CPE
python | pyxdg | * | cpe:2.3:a:python:pyxdg:*:*:*:*:*:*:*:*
