pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
BID:58608
Info
pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
| Bugtraq ID: | 58608 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 20 2013 12:00AM |
| Updated: | Mar 20 2013 12:00AM |
| Credit: | Thomas Güttler |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
pip is prone to an insecure temporary-file-creation vulnerability.
Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible.
pip is prone to an insecure temporary-file-creation vulnerability.
Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible.
Exploit / POC
pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
Attackers require local interactive access to exploit this issue.
Attackers require local interactive access to exploit this issue.
Solution / Fix
pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
pip '/tmp/pip-build' Directory Insecure Temporary File Creation Vulnerability
References:
References:
- /tmp/pip-build not secure (Thomas Güttler)
- pip Homepage (The pip developers)
- pypa / pip (GitHub)