CVE-2014-1624

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.

CVSS v2.0 3.3 LOW

3.3^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:N/I:P/A:P

Exploitability : 3.4 / Impact : 4.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247
http://www.openwall.com/lists/oss-security/2014/01/21/3
http://www.openwall.com/lists/oss-security/2014/01/21/4
http://www.securityfocus.com/bid/65042
https://exchange.xforce.ibmcloud.com/vulnerabilities/90618
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247
http://www.openwall.com/lists/oss-security/2014/01/21/3
http://www.openwall.com/lists/oss-security/2014/01/21/4
http://www.securityfocus.com/bid/65042
https://exchange.xforce.ibmcloud.com/vulnerabilities/90618

Configurations

Configuration 1 (hide)

cpe:2.3:a:python:pyxdg:0.25:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247 -~~	() http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247 -
References	~~() http://www.openwall.com/lists/oss-security/2014/01/21/3 -~~	() http://www.openwall.com/lists/oss-security/2014/01/21/3 -
References	~~() http://www.openwall.com/lists/oss-security/2014/01/21/4 -~~	() http://www.openwall.com/lists/oss-security/2014/01/21/4 -
References	~~() http://www.securityfocus.com/bid/65042 -~~	() http://www.securityfocus.com/bid/65042 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/90618 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/90618 -

Information

Published : 2014-01-28 00:55

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1624

Mitre link : CVE-2014-1624

CVE.ORG link : CVE-2014-1624

JSON object : View

Products Affected

python

pyxdg

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

{"id": "CVE-2014-1624", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-28T00:55:04.083", "references": [{"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/21/3", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/21/4", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/65042", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90618", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/21/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2014/01/21/4", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65042", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90618", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called."}, {"lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n xdg.BaseDirectory.get_runtime_dir en python-xdg 0.25 permite a usuarios locales sobreescribir archivos arbitrarios mediante la pre-creaci\u00f3n /tmp/pyxdg-runtime-dir-fallback-victim para apuntar a una localizaci\u00f3n victim-owned, despu\u00e9s reemplaz\u00e1ndolo con un symlink hacia una localizaci\u00f3n controlada por el atacante una vez es llamada la funci\u00f3n get_runtime_dir."}], "lastModified": "2024-11-21T02:04:44.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:pyxdg:0.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1A9B8AF-17C0-4B47-A6D4-5C8A25EC5982"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}