Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-27T23:00:00

Updated: 2024-08-07T00:23:38.938Z

Reserved: 2011-12-23T00:00:00

Link: CVE-2011-4944

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-08-27T23:55:01.290

Modified: 2024-11-21T01:33:20.493

Link: CVE-2011-4944

cve-icon Redhat

Severity : Low

Publid Date: 2011-11-30T00:00:00Z

Links: CVE-2011-4944 - Bugzilla