PT-2012-2011 · Python+3 · Python+3

Vincent Danen · Published 2012-06-18 · Updated 2025-11-07 · CVE-2011-4944

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.2

Description: A race condition allows local users to obtain a username and password by reading the ~/.pypirc file. The file is created with world-readable permissions, and the permissions are changed only after the data has been written.

Recommendations: For Python versions 2.6 through 3.2, consider changing the permissions of the ~/.pypirc file immediately after creation to prevent unauthorized access. As a temporary workaround, restrict access to the ~/.pypirc file until a more permanent solution is applied.
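
The write-then-restrict pattern from the description next to a form that creates the file with owner-only permissions from the start, as an added example (not code from Python or from this advisory). The `observe` hook, the function names and the sample content are assumptions made for illustration; the hook samples the file's permissions at the moment another local user could read it.

```python
import os
import stat
import tempfile

# Constructed sample content; not real credentials.
SAMPLE = "[server-login]\nusername: example\npassword: not-a-real-password\n"

def exposed_to_others(path):
    """Audit check: True if group or other has any permission bit on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))

def write_then_chmod(path, data, observe=None):
    """Pattern from the description: write first, restrict afterwards."""
    with open(path, "w") as f:          # created as 0o666 & ~umask
        f.write(data)
    if observe:                         # hypothetical hook: state inside the window
        observe(path)
    os.chmod(path, 0o600)               # too late, the data was already readable

def write_restricted(path, data, observe=None):
    """Hardened form: the file is created 0o600, so no window exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    if observe:
        observe(path)

def demo():
    """Return whether each writer left the file exposed right after writing."""
    old_umask = os.umask(0o022)         # common default, set for a repeatable result
    result = {}
    try:
        with tempfile.TemporaryDirectory() as d:
            write_then_chmod(os.path.join(d, "weak"), SAMPLE,
                             lambda p: result.update(weak=exposed_to_others(p)))
            write_restricted(os.path.join(d, "hardened"), SAMPLE,
                             lambda p: result.update(hardened=exposed_to_others(p)))
            # After chmod the weak file looks fine, so a later audit misses the window.
            result["weak_final"] = exposed_to_others(os.path.join(d, "weak"))
    finally:
        os.umask(old_umask)
    return result

if __name__ == "__main__":
    print(demo())
```

`O_EXCL` makes creation fail if the path already exists, so a pre-existing file with looser permissions is never silently reused.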

Exploit

Fix


Weakness Enumeration

Related Identifiers

CESA-2012_0744
CVE-2011-4944
DLA-25-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:10426-1
OPENSUSE-SU-2024:10536-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2012-2
RHSA-2012:0744
RHSA-2012:0745
RHSA-2012_0744
RHSA-2012_0745
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1

Affected Products

CentOS
Python
Red Hat
SUSE