Using suds allows an attacker to overwrite arbitrary files that you have the rights to access
Bug #1227650 reported by Michael Bryant
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| suds | Confirmed | Unknown | | |
| suds (Fedora) | New | Unknown | | |
| suds (Ubuntu) | Fix Released | Medium | Unassigned | |
| Precise | Won't Fix | Medium | Unassigned | |
| Quantal | Won't Fix | Medium | Unassigned | |
| Raring | Won't Fix | Medium | Unassigned | |
| Saucy | Fix Released | Medium | Unassigned | |
Bug Description
python-suds has a security vulnerability (on multi-user machines / servers) which allows an attacker to overwrite arbitrary files that the user using suds has access to.
Details:
On line 109 of client.py, it unconditionally instantiates an ObjectCache.
On line 141 of cache.py, it uses a static location for a temporary file, instead of using one of the secure functions in the tempfile module.
Then on line 145, it calls a function which overwrites whatever file exists at /tmp/suds/version - or, if there's an attacker on the box who has access to /tmp, a symlink which could point at any file you have permissions to, allowing them to destroy the contents of a file you own.
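The hazard described in the report is a cache file at a fixed, shared path that is written without checking what is already there. The following added example (not suds' own code, and not the fix the distributions shipped) shows the defensive pattern a cache writer can use instead: a per-process directory from `tempfile.mkdtemp` (unpredictable name, mode 0700, owned by the caller), an ownership and permission check on the directory, and an open with `O_NOFOLLOW` so a symlink planted at the file name is refused rather than followed. The `demo()` function builds a constructed scenario in temporary directories, with a hypothetical "victim" file, and reports whether the write was refused and the victim left intact.

```python
"""Added example (not suds' own code): writing a cache marker file without the
static-/tmp-path and symlink hazards the bug report describes."""
import os
import stat
import tempfile


class UnsafeCachePath(OSError):
    """Raised when the cache location could be controlled by another local user."""


def private_cache_dir(prefix="suds-cache-"):
    # mkdtemp picks an unpredictable name and creates it with mode 0700, so no
    # other local user can pre-create it or plant entries inside it.
    return tempfile.mkdtemp(prefix=prefix)


def check_cache_dir(path):
    """Reject a cache directory that another user could tamper with."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise UnsafeCachePath("cache dir is a symlink or not a directory: %s" % path)
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise UnsafeCachePath("cache dir not owned by current user: %s" % path)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise UnsafeCachePath("cache dir is group/world writable: %s" % path)


def write_version_file(cache_dir, version):
    """Write <cache_dir>/version, refusing to write through a symlink."""
    check_cache_dir(cache_dir)
    path = os.path.join(cache_dir, "version")
    try:
        if stat.S_ISLNK(os.lstat(path).st_mode):
            raise UnsafeCachePath("refusing to write through symlink: %s" % path)
    except FileNotFoundError:
        pass  # nothing there yet; O_CREAT below will create it
    # O_NOFOLLOW makes the kernel itself refuse a symlink as the final path
    # component, closing the window between the lstat above and the open.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(version)
    return path


def demo():
    """Constructed scenario: a private dir is accepted, a symlinked name is refused."""
    results = {}
    good = private_cache_dir()
    with open(write_version_file(good, "0.4")) as fh:
        results["written"] = fh.read()

    # Constructed 'victim' file plus a directory holding a symlink named
    # 'version' that points at it, mirroring the /tmp/suds situation.
    shared = tempfile.mkdtemp(prefix="shared-")
    victim = os.path.join(shared, "victim.txt")
    with open(victim, "w") as fh:
        fh.write("important data")
    os.symlink(victim, os.path.join(shared, "version"))
    try:
        write_version_file(shared, "0.4")
        results["refused"] = False
    except OSError:
        results["refused"] = True
    with open(victim) as fh:
        results["victim_intact"] = fh.read() == "important data"
    return results


if __name__ == "__main__":
    print(demo())
```

The directory check matters as much as `O_NOFOLLOW`: once the cache lives in a directory only the current user can write to, nobody else can place a symlink there in the first place, and the open flags are the second line of defence rather than the only one.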
CVE References
| Changed in | Field | Change |
|---|---|---|
| suds | status | Unknown → Confirmed |
| suds (Fedora) | status | Unknown → New |
| (bug) | information type | Private Security → Public Security |
| suds (Ubuntu Precise) | status | New → Confirmed |
| suds (Ubuntu Quantal) | status | New → Confirmed |
| suds (Ubuntu Raring) | status | New → Confirmed |
| suds (Ubuntu Saucy) | status | New → Fix Released |
| suds (Ubuntu Precise) | importance | Undecided → Medium |
| suds (Ubuntu Quantal) | importance | Undecided → Medium |
| suds (Ubuntu Raring) | importance | Undecided → Medium |
| suds (Ubuntu Saucy) | importance | Undecided → Medium |
| suds (Ubuntu Raring) | status | Confirmed → Won't Fix |
| suds (Ubuntu Quantal) | status | Confirmed → Won't Fix |
The Precise Pangolin has reached end of life, so this bug will not be fixed for that release