4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.7%
Python is an interpreted, interactive, object-oriented programming
language.
Zack Weinberg discovered that os._execvpe from os.py in Python 2.2.1 and
earlier creates temporary files with predictable names. This could allow
local users to execute arbitrary code via a symlink attack
All users should upgrade to these errata packages which include a patch to
python 1.5.2 to correct this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | python-tools | < 1.5.2-43.72 | python-tools-1.5.2-43.72.i386.rpm |
RedHat | any | i386 | python-devel | < 1.5.2-43.72 | python-devel-1.5.2-43.72.i386.rpm |
RedHat | any | ia64 | python | < 1.5.2-43.72 | python-1.5.2-43.72.ia64.rpm |
RedHat | any | ia64 | python-tools | < 1.5.2-43.72 | python-tools-1.5.2-43.72.ia64.rpm |
RedHat | any | ia64 | python-devel | < 1.5.2-43.72 | python-devel-1.5.2-43.72.ia64.rpm |
RedHat | any | i386 | python-docs | < 1.5.2-43.72 | python-docs-1.5.2-43.72.i386.rpm |
RedHat | any | i386 | python | < 1.5.2-43.72 | python-1.5.2-43.72.i386.rpm |
RedHat | any | ia64 | tkinter | < 1.5.2-43.72 | tkinter-1.5.2-43.72.ia64.rpm |
RedHat | any | ia64 | python-docs | < 1.5.2-43.72 | python-docs-1.5.2-43.72.ia64.rpm |
RedHat | any | i386 | tkinter | < 1.5.2-43.72 | tkinter-1.5.2-43.72.i386.rpm |