CVE-2011-4944

Priority
Low
Description
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions
before changing them after data has been written, which introduces a race
condition that allows local users to obtain a username and password by
reading this file.
References
Bugs
Notes
tyhicks> Code in Lib/distutils/command/register.py in 2.4 and 2.5
Assigned-to
jdstrand
Package
Upstream:pending (2.7.3~rc2-2)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (2.7.3~rc2-2)
Ubuntu 12.10 (Quantal Quetzal):not-affected
Ubuntu 13.04 (Raring Ringtail):not-affected
Ubuntu 13.10 (Saucy Salamander):not-affected
Patches:
Upstream:http://hg.python.org/cpython/rev/f833e7ec4de1/
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):released (2.6.5-1ubuntu6.1)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (3.2.3-0ubuntu3.2)
Ubuntu 12.10 (Quantal Quetzal):released (3.2.3-6ubuntu3.1)
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):not-affected (3.3.0-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (3.3.1-1ubuntu5)
Ubuntu 13.10 (Saucy Salamander):not-affected (3.3.2-7ubuntu2)
Patches:
Upstream:http://bugs.python.org/file23.34/pypirc-secure.diff
Package
Upstream:needed
Ubuntu 10.04 LTS (Lucid Lynx):released (3.1.2-0ubuntu3.2)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.04 (Raring Ringtail):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Patches:
Upstream:http://bugs.python.org/file23824/pypirc-secure.diff
More Information

Valid XHTML 1.0 Strict

Updated: 2013-09-24 19:14:32 UTC (commit 7291)