CVE-2014-1934

Опубликовано: 08 мая 2014

Источник: debian

Описание

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
eyed3	fixed	0.6.18-3		package
eyed3	no-dsa		squeeze	package

Примечания

Upstream patch: https://bitbucket.org/nicfit/eyed3/commits/372bbacb7a70
https://bitbucket.org/nicfit/eyed3/issue/65/tagpy-in-eyed3-allows-local-users-to
Neutralised by protected_symlinks kernel temp hardening

Связанные уязвимости

CVE-2014-1934

ubuntu

больше 11 лет назад

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

CVE-2014-1934

nvd

больше 11 лет назад

tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for Python allows local users to modify arbitrary files via a symlink attack on a temporary file.

GHSA-4r2w-w73w-36jm

CVSS3: 4.5

github

больше 3 лет назад

eyeD3 is vulnerable to arbitrary file modification via symlink attack