Описание
Jython Improper Access Restrictions vulnerability
Jython before 2.7.2b3 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2013-2027
- https://github.com/jython/frozen-mirror/commit/053949e66d307168fd70b39725f4d3e6b642acc1
- https://bugzilla.redhat.com/show_bug.cgi?id=947949
- https://github.com/jython/frozen-mirror/blob/b8d7aa4cee50c0c0fe2f4b235dd62922dd0f3f99/NEWS#L25C8-L25C15
- http://advisories.mageia.org/MGASA-2015-0096.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:158
- http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
Пакеты
org.python:jython-standalone
< 2.7.2b3
2.7.2b3
Связанные уязвимости
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Jython 2.2.1 uses the current umask to set the privileges of the class ...