Improper Link Resolution Before File Access in Suds
Discription

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.Read More

References

https://nvd.nist.gov/vuln/detail/CVE-2013-2217https://bugzilla.redhat.com/show_bug.cgi?id=978696http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.htmlhttp://www.openwall.com/lists/oss-security/2013/06/27/8http://www.ubuntu.com/usn/USN-2008-1

1.2 Low

CVSS2

  • Access Vector
  • Access Complexity
  • Authentication
  • Confidentiality Impact
  • Integrity Impact
  • Availability Impact
  • Local
  • High
  • None
  • None
  • Partial
  • None

AV:L/AC:H/Au:N/C:N/I:P/A:N

Back to Main
Subscribe for the latest news: