Description
Paste Script has improper group memberships permissions
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem.
References
- https://nvd.nist.gov/vuln/detail/CVE-2012-0878
- https://github.com/cdent/pastescript/commit/b5f36f2995e1ae117cc53d2bd458d7fb33e4cabe
- https://bitbucket.org/ianb/pastescript/changeset/a19e462769b4
- https://bitbucket.org/ianb/pastescript/pull-request/3/fix-group-permissions-for-pastescriptserve
- https://bugzilla.redhat.com/show_bug.cgi?id=796790
- https://github.com/pypa/advisory-database/tree/main/vulns/paste/PYSEC-2012-15.yaml
- https://web.archive.org/web/20140723093519/http://secunia.com/advisories/50410
- https://web.archive.org/web/20140803132259/http://secunia.com/advisories/48812
- http://groups.google.com/group/paste-users/browse_thread/thread/2aa651ba331c2471
- http://rhn.redhat.com/errata/RHSA-2012-1206.html
- http://www.openwall.com/lists/oss-security/2012/02/23/1
- http://www.openwall.com/lists/oss-security/2012/02/23/4
Packages
- pastescript: affected versions < 2.0.1, fixed in 2.0.1
- paste: affected versions < 1.7.5.1, fixed in 1.7.5.1
Related vulnerabilities
ELSA-2012-1206: python-paste-script security update (MODERATE)