PT-2014-4860 · Python+2

Vincent Danen · Published 2014-05-14 · Updated 2025-11-07 · CVE-2014-2667

CVSS v2.0: 3.3 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Python versions 3.2 through 3.5

Description

A race condition exists in the _get_masked_mode function in Lib/os.py, which can be exploited by local users to bypass intended file permissions. The issue arises when exist_ok is set to true and multiple threads are used, allowing a separate application vulnerability to be leveraged before the umask has been set to the expected value.

Recommendations

For Python versions 3.2 through 3.5, consider applying configuration changes to avoid using the exist_ok parameter with multiple threads, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
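
A static check for the pattern the recommendation names, as an added example that is not part of the original advisory: it parses Python source and reports makedirs calls that may pass exist_ok, and whether the module imports a threading library. The SAMPLE source and the audit helper are constructed for illustration, and the attribute match is a heuristic (any .makedirs call is treated as os.makedirs).

```python
import ast

# Top-level module names that indicate the code may run multiple threads.
THREAD_MODULES = {"threading", "concurrent", "_thread"}

# Constructed sample input, not taken from any real project.
SAMPLE = '''\
import os, threading
from os import makedirs as mk

def worker(path):
    os.makedirs(path, exist_ok=True)      # keyword form
    mk(path, 0o700, True)                 # positional form
    os.makedirs(path)                     # default exist_ok=False
    os.makedirs(path, exist_ok=False)
'''

def _exist_ok_arg(call):
    """Return the AST node passed as exist_ok, or None if left at its default."""
    for kw in call.keywords:
        if kw.arg == "exist_ok":
            return kw.value
    # Signature is makedirs(name, mode=0o777, exist_ok=False)
    return call.args[2] if len(call.args) >= 3 else None

def audit(source):
    """Return (uses_threads, sorted line numbers of makedirs calls that may set exist_ok)."""
    tree = ast.parse(source)
    aliases, uses_threads = set(), False
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            uses_threads |= any(a.name.split(".")[0] in THREAD_MODULES for a in node.names)
        elif isinstance(node, ast.ImportFrom):
            uses_threads |= (node.module or "").split(".")[0] in THREAD_MODULES
            if node.module == "os":  # track "from os import makedirs [as x]"
                aliases |= {a.asname or a.name for a in node.names if a.name == "makedirs"}
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        named = (isinstance(f, ast.Attribute) and f.attr == "makedirs") or \
                (isinstance(f, ast.Name) and f.id in aliases)
        arg = _exist_ok_arg(node) if named else None
        # Flag anything other than a literal False: a variable may be True at run time.
        if arg is not None and not (isinstance(arg, ast.Constant) and arg.value is False):
            hits.append(node.lineno)
    return uses_threads, sorted(hits)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A module that reports both a threading import and flagged line numbers is a candidate for review against the recommendation above.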

Race Condition


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1294
CVE-2014-2667
MGASA-2014-0216
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2014-5
SUSE-SU-2020:0114-1

Affected Products

Alt Linux
Python
Suse