Virtualenv Insecure Temporary File Creation Vulnerability
BID:51120
Info
| Bugtraq ID: | 51120 |
| Class: | Design Error |
| CVE: | CVE-2011-4617 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 19 2011 12:00AM |
| Updated: | Apr 16 2015 06:14PM |
| Credit: | Nico Golde |
| Vulnerable: | Ian Bicking Virtualenv 0 Gentoo Linux |
| Not Vulnerable: | |
Discussion
Virtualenv is prone to a vulnerability because it creates temporary files in an insecure manner.
An attacker with local access could potentially exploit this issue to perform symbolic-link attacks.
Successfully mounting a symlink attack may allow the attacker to corrupt sensitive files or gain access to sensitive information. Other attacks may also be possible.
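The bug class described above, as an added example (not virtualenv's code and not taken from the advisory or its references): a write to a fixed temporary name beside two hardened forms. The file names and the sandbox layout are constructed for illustration; the page does not show which path virtualenv used.

```python
import os
import tempfile

def write_predictable(path, data):
    # Weak pattern: plain open() on a fixed name follows a symlink already there.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL creates atomically and fails if the name exists in any
    # form, including as a symlink (dangling or not).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_private(directory, data):
    # mkstemp: unpredictable name, O_EXCL creation, owner-only permissions.
    fd, path = tempfile.mkstemp(prefix="demo-", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read_text(path):
    with open(path) as fh:
        return fh.read()

def demo():
    # Constructed scenario, confined to a throwaway sandbox directory.
    out = {}
    with tempfile.TemporaryDirectory() as sandbox:
        protected = os.path.join(sandbox, "protected.txt")  # file to preserve
        fixed = os.path.join(sandbox, "build.tmp")  # hypothetical fixed temp name
        write_predictable(protected, "original")
        os.symlink(protected, fixed)  # the fixed name is already a link
        write_predictable(fixed, "scratch")
        out["weak"] = read_text(protected)  # the write went through the link
        write_predictable(protected, "original")  # restore for the next case
        try:
            write_exclusive(fixed, "scratch")
        except FileExistsError:
            out["exclusive"] = "refused"
        out["after_exclusive"] = read_text(protected)
        path = write_private(sandbox, "scratch")
        out["mode"] = os.stat(path).st_mode & 0o777
    return out

if __name__ == "__main__":
    print(demo())
```

In review, the pattern to look for is any `open()` for writing on a name under a shared directory such as `/tmp` that another local user could have created first.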
Exploit / POC
An attacker can use readily available commands to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- CVE id request: python-virtualenv (Nico Golde)
- virtualenv commit (Ian Bicking)
- virtualenv Homepage (Ian Bicking)