CVE-2011-4944

NameCVE-2011-4944
DescriptionPython 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-25-1
NVD severitylow (attack range: local)
Debian Bugs615118, 650555

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python2.6 (PTS)wheezy2.6.8-1.1fixed
python2.7 (PTS)wheezy2.7.3-6+deb7u2fixed
wheezy (security)2.7.3-6+deb7u3fixed
jessie2.7.9-2+deb8u1fixed
buster, stretch2.7.13-2fixed
sid2.7.14-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python2.6source(unstable)2.6.8-1unimportant615118
python2.6sourcesqueeze2.6.6-8+deb6u1lowDLA-25-1
python2.7source(unstable)2.7.3~rc2-2low650555

Notes

Negligable impact

Search for package or bug name: Reporting problems