CVE-2011-2765

Exploit

EPSS 0.43%
Veröffentlicht 20.08.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 01:28:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pyro Project ≫ Pyro Version < 3.15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://bugs.debian.org/631912

Third Party Advisory

Exploit

Issue Tracking

https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e

Third Party Advisory

https://pythonhosted.org/Pyro/12-changes.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2011-2765

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-2765

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-2765

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2011-2765