CVE-2011-2765

Published: Aug 20, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.

Affected (1)

Products: Pyro Project: Pyro

Pyro Project

1 product

Pyro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pyro Project Pyro	Before 3.15

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

https://bugs.debian.org/631912

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e

Source: cve@mitre.org

Third Party Advisory

https://pythonhosted.org/Pyro/12-changes.html

Source: cve@mitre.org

Vendor Advisory

https://bugs.debian.org/631912

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://pythonhosted.org/Pyro/12-changes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.