|
|
Subscribe / Log in / New account

pyxdg: symlink attacks

Package(s):pyxdg CVE #(s):CVE-2014-1624
Created:December 22, 2014 Updated:January 5, 2015
Description: From the CVE entry:

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.

Alerts:
Fedora FEDORA-2014-16357 pyxdg 2015-01-03
Fedora FEDORA-2014-16466 pyxdg 2014-12-25
Fedora FEDORA-2014-16287 pyxdg 2014-12-20
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds