PT-2012-2011 · Python+3

Vincent Danen · Published 2012-06-18 · Updated 2025-11-07 · CVE-2011-4944

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Python versions 2.6 through 3.2

Description: A race condition allows local users to obtain a username and password by reading the ~/.pypirc file, which is created with world-readable permissions; the permissions are changed only after the data has been written.

Recommendations: For Python versions 2.6 through 3.2, consider changing the permissions of the ~/.pypirc file immediately after creation to prevent unauthorized access. As a temporary workaround, restrict access to the ~/.pypirc file until a more permanent solution is applied.
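
The window described above, shown beside a creation pattern that has no such window. This is an added example, not code from Python or from this advisory; the function names, the `observe` hook standing in for another local user, and the sample file content are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Constructed sample content; not real credentials.
SAMPLE_PYPIRC = "[server-login]\nusername:example-user\npassword:example-pass\n"


def mode_of(path):
    """Permission bits of path, e.g. 0o644."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_exposed(mode):
    """True if group or other has any access to the file."""
    return bool(mode & 0o077)


def write_then_chmod(path, content, observe):
    """Pattern from the description: create, write, restrict afterwards."""
    with open(path, "w") as f:      # created as 0o666 & ~umask
        f.write(content)
    observe(path)                   # data is on disk, chmod has not run yet
    os.chmod(path, 0o600)


def write_private(path, content, observe):
    """Owner-only from the moment the file exists."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)   # mode is applied at creation time
    with os.fdopen(fd, "w") as f:
        f.write(content)
    observe(path)


def demo():
    """Mode visible to other users mid-write, per approach, under umask 022."""
    seen = {}
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            for name, writer in (("chmod_after", write_then_chmod),
                                 ("private_create", write_private)):
                path = os.path.join(d, name)
                writer(path, SAMPLE_PYPIRC,
                       lambda p, n=name: seen.update({n: mode_of(p)}))
    finally:
        os.umask(old_umask)
    return seen


if __name__ == "__main__":
    for name, mode in demo().items():
        print(f"{name}: {oct(mode)} exposed={is_exposed(mode)}")
```

`is_exposed(mode_of(path))` can also be run against an existing ~/.pypirc to check whether it is currently readable by other local users.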

Related Identifiers

CESA-2012_0744
CVE-2011-4944
DLA-25-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:10426-1
OPENSUSE-SU-2024:10536-1
OPENSUSE-SU-2024:11202-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2012-2
RHSA-2012:0744
RHSA-2012:0745
RHSA-2012_0744
RHSA-2012_0745
SUSE-FU-2022:0444-1
SUSE-FU-2022:0445-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0234-1

Affected Products

CentOS
Python
Red Hat
SUSE