Vulnerability CVE-2014-1839


Published: 2014-03-11

Description:
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
python logilab-common module temp file issues
Vincent Danen
02.02.2014

Type:

CWE-noinfo

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.4/10
6.4/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Opensuse -> Opensuse 
Novell -> Opensuse 
Logilab -> Logilab-common 

 References:
http://comments.gmane.org/gmane.comp.security.oss.general/11986
http://lists.opensuse.org/opensuse-updates/2014-02/msg00085.html
http://www.logilab.org/ticket/207562
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737051

Copyright 2024, cxsecurity.com

 

Back to Top