CVE-2011-4944

Description

Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score (Exploitation Probability): 0.035

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update | Mac
Multiple vulnerabilities are fixed in OS X Mavericks 10.9.5 Update (Combo) | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.5 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.4 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.6 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.7 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.0 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.0.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.3 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.2150 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.3 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.6.6150 | Mac
Vulnerabilities CVE-2011-4944, CVE-2013-4238, CVE-2014-1912, CVE-2014-9365 are affected in Python for MAC 2.6.8 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.1150 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.2150 | Mac
Multiple Vulnerabilities are affected in Python for MAC 2.7.3 | Mac
Vulnerabilities CVE-2011-4944, CVE-2013-4238, CVE-2014-1912, CVE-2014-9365 are affected in Python for MAC 3.1.2150 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.4 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.5 | Mac
(RHSA-2012:0745) Moderate: python security update python-2.4.3-46.el5_8.2.i386.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-2.4.3-46.el5_8.2.x86_64.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-devel-2.4.3-46.el5_8.2.i386.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-devel-2.4.3-46.el5_8.2.x86_64.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-libs-2.4.3-46.el5_8.2.i386.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-libs-2.4.3-46.el5_8.2.x86_64.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-tools-2.4.3-46.el5_8.2.i386.rpm | Linux
(RHSA-2012:0745) Moderate: python security update python-tools-2.4.3-46.el5_8.2.x86_64.rpm | Linux
(RHSA-2012:0745) Moderate: python security update tkinter-2.4.3-46.el5_8.2.i386.rpm | Linux
(RHSA-2012:0745) Moderate: python security update tkinter-2.4.3-46.el5_8.2.x86_64.rpm | Linux

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-600222 | OS X Mavericks 10.9.5 Update
PATCH-600223 | OS X Mavericks 10.9.5 Update (Combo)
PATCH-611773 | Python for MAC 3.13.7
