| Summary: | <dev-lang/python-{2.7.7,3.2.5-r5,3.3.5-r1}: "os._get_masked_mode()" Race Condition Security Issue (CVE-2014-2667) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/57672/ | | |
| Whiteboard: | A4 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-03-28 15:07:29 UTC
CVE-2014-2667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2667): Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

This issue was resolved and addressed in GLSA 201503-10 at https://security.gentoo.org/glsa/201503-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
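
An added illustration, not code from this bug report or from CPython: a deterministic, single-process reproduction of the window the CVE text describes, assuming the umask is read by clearing it and then restoring it. `racy_get_masked_mode`, its `during_window` hook (standing in for a second thread) and the `0o077` policy are constructed for the example.

```python
import os
import stat
import tempfile


def racy_get_masked_mode(mode, during_window=None):
    """Read the umask by clearing and restoring it (assumed racy pattern).

    during_window is a hypothetical hook standing in for another thread
    that gets scheduled between the two umask() calls.
    """
    mask = os.umask(0)        # process-wide umask is 0 from here ...
    try:
        if during_window is not None:
            during_window()
    finally:
        os.umask(mask)        # ... until it is restored here
    return mode & ~mask


def create_and_stat(path, requested):
    """Create path requesting `requested` bits; return the bits it got."""
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, requested)
    os.close(fd)
    return stat.S_IMODE(os.stat(path).st_mode)


def demo():
    """Return (normal, in_window, in_window_explicit) permission bits."""
    saved = os.umask(0o077)   # constructed policy: new files are owner-only
    try:
        with tempfile.TemporaryDirectory() as d:
            normal = create_and_stat(os.path.join(d, "normal"), 0o666)
            got = {}

            def other_thread():
                # Relies on the umask for privacy: exposed inside the window.
                got["loose"] = create_and_stat(os.path.join(d, "loose"), 0o666)
                # Requests owner-only bits itself: unaffected by the umask.
                got["tight"] = create_and_stat(os.path.join(d, "tight"), 0o600)

            racy_get_masked_mode(0o777, other_thread)
            return normal, got["loose"], got["tight"]
    finally:
        os.umask(saved)


if __name__ == "__main__":
    print([oct(m) for m in demo()])
```

The file that depends on the umask comes out world-readable and world-writable inside the window, while the one created with explicit owner-only bits does not, which is why multithreaded code should pass restrictive modes itself rather than depend on the process umask.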