oss-sec mailing list archives
Re: Requesting a CVE for pip - Local DoS with predictable temp directory names
From: cve-assign () mitre org
Date: Thu, 20 Nov 2014 01:56:52 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
because the build directory is predictable a local DoS is possible simply by creating a /tmp/pip-build-<username>/ directory owned by someone other than the defined user https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847 https://github.com/pypa/pip/pull/2122
Use CVE-2014-8991. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUbY7BAAoJEKllVAevmvms8tIH/i8+HMV/TYDQcbr1CZfhfUne 3IPnX17hHUKObil3ryDSzm0aFAWNWz0hxHslJecSKNi0iBmLLR/1ItCbIDCZQ18Y n8Q9ygJiXYTO5AIA3/UU40G8jQ4PE/lS/jXBlGYEvrUFz1gBhylVe5sX5EdxU5su 97Tk6p/f4FhlOE5abrXLG1Ec9jZdkARlW9EnbmInrjXpIppgZFZQp0EVo+BUP9Ea h5slMIppNkXIAXhqoT+lIOM/A9l5rBP+GQ5YlxaQY8UsGuOfi5coXvbp/iL8ZB7X nZD1Xy2aTFFNt1YTmBBMJEr2H06Lrd1+F/xSCTiIgMuCG3Fpy9Wg80TxoOuxQ+0= =rTeG -----END PGP SIGNATURE-----
Current thread:
- Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft (Nov 17)
- Re: Requesting a CVE for pip - Local DoS with predictable temp directory names Donald Stufft (Nov 19)
- Re: Requesting a CVE for pip - Local DoS with predictable temp directory names cve-assign (Nov 19)