FreeBSD : py-suds — vulnerable to symlink attacks (b31f7029-817c-4c1f-b7d3-252de5283393)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the b31f7029-817c-4c1f-b7d3-252de5283393 advisory.

– cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/. (CVE-2013-2217)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
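The weakness described above comes from placing cache files at a predictable path under a shared temporary directory. The Python below is an added example, not code from the advisory or from the Suds project: it validates a cache directory with `lstat` before use and creates a private one otherwise. The names `check_cache_dir`, `private_cache_dir`, `demo` and the `suds-cache-` prefix are hypothetical, and a POSIX system is assumed.

```python
import os
import stat
import tempfile


class UnsafeCacheDir(Exception):
    """Raised when a cache directory could be controlled by another local user."""


def check_cache_dir(path):
    """Return path only if it is a real directory, owned by us, with mode 0700."""
    st = os.lstat(path)  # lstat: inspect the name itself, never follow a symlink
    if stat.S_ISLNK(st.st_mode):
        raise UnsafeCacheDir(f"{path} is a symlink")
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeCacheDir(f"{path} is not a directory")
    if st.st_uid != os.geteuid():
        raise UnsafeCacheDir(f"{path} is owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        raise UnsafeCacheDir(f"{path} is accessible to group or other")
    return path


def private_cache_dir(prefix="suds-cache-"):
    """Create an unpredictable, mode-0700 directory with mkdtemp and verify it."""
    return check_cache_dir(tempfile.mkdtemp(prefix=prefix))


def demo():
    """Constructed scenario: a symlink already sits at the predictable name."""
    shared = tempfile.mkdtemp()              # stands in for the shared /tmp
    target = os.path.join(shared, "elsewhere")
    os.mkdir(target, 0o700)
    predictable = os.path.join(shared, "suds")
    os.symlink(target, predictable)          # constructed test fixture
    try:
        check_cache_dir(predictable)
        rejected = False
    except UnsafeCacheDir:
        rejected = True
    return rejected, private_cache_dir()


if __name__ == "__main__":
    print(demo())
```
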