Using suds allows an attacker to overwrite arbitrary files that you have the rights to access
Bug #1227650 reported by
Michael Bryant
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| suds |
Confirmed
|
Unknown
|
|||
| suds (Fedora) |
New
|
Unknown
|
|||
| suds (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Precise |
Won't Fix
|
Medium
|
Unassigned | ||
| Quantal |
Won't Fix
|
Medium
|
Unassigned | ||
| Raring |
Won't Fix
|
Medium
|
Unassigned | ||
| Saucy |
Fix Released
|
Medium
|
Unassigned | ||
Bug Description
python-suds has a security vulnerability (on multi-user machines / servers) which allows an attacker to overwrite arbitrary files that the user using suds has access to.
Details:
On line 109 of client.py, it unconditionally instantiates an ObjectCache.
On line 141 of cache.py, it uses a static location for a temporary file, instead of using one of the secure functions in the tempfile module.
Then on line 145, it calls a function which overwrites whatever file exists at /tmp/suds/version - or, if there's an attacker on the box who has access to /tmp, a symlink which could point at any file you have permissions to, allowing them to destroy the contents of a file you own.
CVE References
| Changed in suds: | |
| status: | Unknown → Confirmed |
| Changed in suds (Fedora): | |
| status: | Unknown → New |
| information type: | Private Security → Public Security |
| Changed in suds (Ubuntu Precise): | |
| status: | New → Confirmed |
| Changed in suds (Ubuntu Quantal): | |
| status: | New → Confirmed |
| Changed in suds (Ubuntu Raring): | |
| status: | New → Confirmed |
| Changed in suds (Ubuntu Saucy): | |
| status: | New → Fix Released |
| Changed in suds (Ubuntu Precise): | |
| importance: | Undecided → Medium |
| Changed in suds (Ubuntu Quantal): | |
| importance: | Undecided → Medium |
| Changed in suds (Ubuntu Raring): | |
| importance: | Undecided → Medium |
| Changed in suds (Ubuntu Saucy): | |
| importance: | Undecided → Medium |
| Changed in suds (Ubuntu Raring): | |
| status: | Confirmed → Won't Fix |
| Changed in suds (Ubuntu Quantal): | |
| status: | Confirmed → Won't Fix |
Revision history for this message
| Steve Langasek (vorlon) wrote | #1 |
| Changed in suds (Ubuntu Precise): | |
| status: | Confirmed → Won't Fix |
To post a comment you must log in.
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release