Описание
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| pyro | fixed | 1:3.14-1 | package | |
| pyro | no-dsa | lenny | package | |
| pyro | no-dsa | squeeze | package |
Примечания
https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1e
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 7 лет назад
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVSS3: 7.5
nvd
больше 7 лет назад
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVSS3: 7.5
github
больше 7 лет назад
Pyro mishandles pid files in temporary directory locations and opening the pid file as root