CVE 2013-2217
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
Related bugs and status
CVE-2013-2217 (Candidate) is related to these bugs:
Bug #1227650: Using suds allows an attacker to overwrite arbitrary files that you have the rights to access
Bug | Summary | In | Importance | Status
---|---|---|---|---
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Ubuntu) | Medium | Fix Released
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds | Unknown | Confirmed
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Fedora) | Unknown | New
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Ubuntu Precise) | Medium | Won't Fix
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Ubuntu Quantal) | Medium | Won't Fix
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Ubuntu Raring) | Medium | Won't Fix
1227650 | Using suds allows an attacker to overwrite arbitrary files that you have the rights to access | suds (Ubuntu Saucy) | Medium | Fix Released
Bug #1341954: suds client subject to cache poisoning by local attacker
Bug | Summary | In | Importance | Status
---|---|---|---|---
1341954 | suds client subject to cache poisoning by local attacker | Cinder | Undecided | Fix Released
1341954 | suds client subject to cache poisoning by local attacker | OpenStack Compute (nova) | Medium | Fix Released
1341954 | suds client subject to cache poisoning by local attacker | oslo.vmware | Undecided | Fix Released
1341954 | suds client subject to cache poisoning by local attacker | gantt | Undecided | New
1341954 | suds client subject to cache poisoning by local attacker | OpenStack Security Advisory | Medium | Won't Fix
1341954 | suds client subject to cache poisoning by local attacker | OpenStack Security Notes | High | Fix Released
1341954 | suds client subject to cache poisoning by local attacker | Cinder havana | Undecided | Fix Released
1341954 | suds client subject to cache poisoning by local attacker | Cinder icehouse | Undecided | Fix Released
See the CVE page on Mitre.org for more details.