CVE-2011-4944 — Race Condition in Python

CWE-26416 documents8 sources

Severity

1.9LOWNVD

EPSS

0.0%

top 91.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Python2.7 Python Vmware Esxi +1 more

Timeline

PublishedAug 27

Latest updateMay 13

Description

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/python2.7< python2.7 2.7.3~rc2-2 (bullseye)

▶NVDpython/python25 versions+24

▶vmwarevmware/vmware_esxi

▶vmwarevmware/vmware_vsphere

🔴Vulnerability Details

GHSA

GHSA-2j46-98gf-6xf6: Python 2↗2022-05-13

▶

OSV

CVE-2011-4944: Python 2↗2012-08-27

▶

📋Vendor Advisories

VMware

VMware security updates for vSphere API and ESX Service Console↗2012-11-15

▶

Ubuntu

Python 3.1 vulnerabilities↗2012-10-24

▶

Ubuntu

Python 3.2 vulnerabilities↗2012-10-23

▶

Ubuntu

Python 2.5 vulnerabilities↗2012-10-17

▶

Ubuntu

Python 2.4 vulnerabilities↗2012-10-17

▶

💬Community

Bugzilla

CVE-2011-4940 CVE-2011-4944 python26 various flaws [epel-5]↗2012-03-30

▶

Bugzilla

CVE-2011-4940 CVE-2012-0845 CVE-2011-4944 python3 various flaws [fedora-all]↗2012-03-30

▶

Bugzilla

CVE-2011-4940 CVE-2012-0845 CVE-2011-4944 python various flaws [fedora-all]↗2012-03-30

▶

Bugzilla

CVE-2011-4944 python: distutils creates ~/.pypirc insecurely↗2011-11-30

▶