Lucene search

GoogleOSV:PYSEC-2012-15

HistoryMay 01, 2012 - 7:55 p.m.

PYSEC-2012-15

2012-05-0119:55:00

Google

osv.dev

0.045 Low

EPSS

Percentile

92.5%

JSON

Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.

CPENameOperatorVersion
pasteeq1.6
pasteeq1.7.3
pasteeq1.0.1
pasteeq1.7.5
pasteeq1.2.1
pasteeq0.9
pasteeq0.4
pasteeq0.4.1
pasteeq1.1.1
pasteeq0.9.8.1

Name	Operator	Version
paste	eq	1.6
paste	eq	1.7.3
paste	eq	1.0.1
paste	eq	1.7.5
paste	eq	1.2.1
paste	eq	0.9
paste	eq	0.4
paste	eq	0.4.1
paste	eq	1.1.1
paste	eq	0.9.8.1

Rows per page:

1-10 of 331

References

groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471

rhn.redhat.com/errata/RHSA-2012-1206.html

secunia.com/advisories/48812

secunia.com/advisories/50410

www.openwall.com/lists/oss-security/2012/02/23/1

www.openwall.com/lists/oss-security/2012/02/23/4

bitbucket.org/ianb/pastescript/changeset/a19e462769b4

bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve

bugzilla.redhat.com/show_bug.cgi?id=796790

0.045 Low

EPSS

Percentile

92.5%

JSON

Related for OSV:PYSEC-2012-15