CVE-2014-2667CVE-2014-2667

Affected configuration(s):

cpe:/a:python:python:3.2.0
cpe:/a:python:python:3.2.1
cpe:/a:python:python:3.2.2
cpe:/a:python:python:3.2.3
cpe:/a:python:python:3.2.4
cpe:/a:python:python:3.2.5
cpe:/a:python:python:3.2.6
cpe:/a:python:python:3.3.0
cpe:/a:python:python:3.3.1
cpe:/a:python:python:3.3.2
cpe:/a:python:python:3.3.3
cpe:/a:python:python:3.3.4
cpe:/a:python:python:3.3.5
cpe:/a:python:python:3.3.6
cpe:/a:python:python:3.4.0
cpe:/a:python:python:3.4.1
cpe:/a:python:python:3.4.2

Date published: 2014-11-15T20:59:01.927-05:00

Date last modified: 2017-06-30T21:29:05.810-04:00

CVSS Score: 3.3

Principal attack vector: LOCAL

Complexity:  MEDIUM

Reference URL: http://bugs.python.org/issue21082

Summary: Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.