3 matches found
CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...
CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...
CVE-2025-32797
Conda-build before 25.3.1 creates a temporary build script (conda_build.sh) with overly permissive 0o766 permissions. A local attacker with filesystem access can race between creation and execution to overwrite the script, enabling arbitrary code execution under the victim’s privileges. Fedora an...