19 matches found
SUSE CVE-2011-4944
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
Whispers - Identify Hardcoded Secrets In Static Structured Text
"My little birds are everywhere, even in the North, they whisper to me the strangest stories." - Lord Varys Whispers is a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions. Whispers can run in the CLI or you can...
Python < 2.7.4, 3.2.x < 3.2.4, 3.3.x < 3.3.1 pypirc created insecurely (bpo-13512) - Linux
Python is prone to an access control vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python"; ifdescription...
SuSE 11.1 Security Update : libpython2_6-1_0, libpython2_6-1_0-32bit, libpython2_6-1_0-x86, python, etc (SAT Patch Number 6310)
This update to python 2.6.8 fixes the following bugs, among others : - XMLRPC Server DoS. CVE-2012-0845, bnc747125 - hash randomization issues. CVE-2012-1150, bnc751718 - insecure creation of .pypirc. CVE-2011-4944, bnc754447 - SimpleHTTPServer XSS. CVE-2011-1015, bnc752375 - functions can accept...
DEBIAN-CVE-2011-4944
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
CVE-2011-4944
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
Race condition
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
CVE-2011-4944
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
CVE-2011-4944
CVE-2011-4944 affects Python 2.6–3.2 where ~/.pypirc is created world-readable before permissions are tightened, enabling a race condition for local users to read credentials. The connected docs confirm the issue description but do not provide a patch/version that fixes it within the supplied mat...
PSF-2012-2 pypirc created insecurely
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
RHEL 6 : python (RHSA-2012:0744)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0744 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...
RHEL 5 : python (RHSA-2012:0745)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0745 advisory. - python: potential XSS in SimpleHTTPServer's listdirectory CVE-2011-4940 - python: distutils creates /.pypirc insecurely CVE-2011-4944 -...
python: distutils creates ~/.pypirc insecurely
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
Moderate: Red Hat Security Advisory: python security update
Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
python: distutils creates ~/.pypirc insecurely
Python 2.6 through 3.2 creates /.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file...
python security update
2.6.6-29.el62.2 - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 2.6.6-29.el62.1 - distutils.config: create /.pypirc securely Resolves: CVE-2011-4944 - fix endless loop in SimpleXMLRPCServer upon malformed POST request Resolves: CVE-2012-0845 - send encodi...
python security update
2.4.3-46.el58.2 - if hash randomization is enabled, also enable it within pyexpat Resolves: CVE-2012-0876 2.4.3-46.el58.1 - distutils.commands.register: create /.pypirc securely Resolves: CVE-2011-4944 - send encoding in SimpleHTTPServer.listdirectory to protect IE7 against potential XSS attacks...
PT-2012-2011 · Python +3 · Python +3
Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.2 Description: The issue introduces a race condition where local users can obtain a username and password by reading the /.pypirc file, which is created with world-readable permissions before the permissions are...
python 'distutils' Component '~/.pypirc'本地竞争条件漏洞
BUGTRAQ ID: 52732 CVE ID: CVE-2011-4944 Python是一种面向对象、直译式计算机程序设计语言,也是一种功能强大的通用型语言。 Python在distutils组件创建.pypirc的实现上存在本地竞争条件漏洞,可以访问受害者主目录的攻击者通过此漏洞可绕过某些权限限制,泄露敏感信息 0 Python 3.3 Python 3.2 Python 2.7 Python 2.6 Python 2.5.6 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: www.python.org...