PT-2014-4860 · Python+2

Vincent Danen · Published 2014-05-14 · Updated 2025-11-07 · CVE-2014-2667

CVSS v2.0: 3.3 (Low)

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Python versions 3.2 through 3.5

Description

A race condition exists in the _get_masked_mode function in Lib/os.py, which local users can exploit to bypass intended file permissions. The issue arises when exist_ok is set to true and multiple threads are used, allowing a separate application vulnerability to be leveraged before the umask has been set to the expected value.

Recommendations

For Python versions 3.2 through 3.5, consider applying configuration changes to avoid using the exist_ok parameter with multiple threads, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
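
The window in the description, shown deterministically as an added example (not code from this advisory or from CPython): a function that learns the umask by setting it to 0 and then restoring it, with a hypothetical in_window hook standing in for another thread that runs between the two calls. File names, modes and the 0o077 umask are constructed for the demonstration; the hardened creator requests its final mode explicitly, so a temporarily cleared umask adds no permissions.

```python
import os
import stat
import tempfile

def get_masked_mode_racy(mode, in_window=None):
    """Read the umask by setting it to 0 and restoring it (the racy pattern).

    in_window is a hypothetical hook standing in for another thread that
    happens to run between the two umask() calls.
    """
    mask = os.umask(0)          # process-wide umask is now 0
    try:
        if in_window is not None:
            in_window()
    finally:
        os.umask(mask)          # expected value is restored only here
    return mode & ~mask

def create_relying_on_umask(path):
    # Typical code: asks for 0o666 and trusts the umask to trim it.
    os.close(os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o666))

def create_explicit(path):
    # Hardened: request the final mode directly, so a umask of 0 adds nothing.
    os.close(os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))

def file_mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def demo():
    old = os.umask(0o077)       # constructed scenario: a restrictive umask
    try:
        with tempfile.TemporaryDirectory() as d:
            outside = os.path.join(d, "outside")
            racy = os.path.join(d, "in_window")
            safe = os.path.join(d, "explicit")
            create_relying_on_umask(outside)
            masked = get_masked_mode_racy(0o777, lambda: (
                create_relying_on_umask(racy), create_explicit(safe)))
            return file_mode(outside), file_mode(racy), file_mode(safe), masked
    finally:
        os.umask(old)

if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

The second value is the file created inside the window: it keeps group and other read/write bits that the 0o077 umask would normally have removed, while the explicitly created file does not.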

Race Condition


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1294
CVE-2014-2667
MGASA-2014-0216
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:11283-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:11285-1
OPENSUSE-SU-2024:11286-1
OPENSUSE-SU-2024:12089-1
OPENSUSE-SU-2024:12910-1
OPENSUSE-SU-2024:14109-1
OPENSUSE-SU-2024:14434-1
OPENSUSE-SU-2025:15713-1
PSF-2014-5
SUSE-SU-2020:0114-1

Affected Products

Alt Linux
Python
Suse