CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:H/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
5.1%
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
Vendor | Product | Version | CPE |
---|---|---|---|
python | virtualenv | * | cpe:2.3:a:python:virtualenv:*:*:*:*:*:*:*:* |
python | virtualenv | 0.8 | cpe:2.3:a:python:virtualenv:0.8:*:*:*:*:*:*:* |
python | virtualenv | 0.8.1 | cpe:2.3:a:python:virtualenv:0.8.1:*:*:*:*:*:*:* |
python | virtualenv | 0.8.2 | cpe:2.3:a:python:virtualenv:0.8.2:*:*:*:*:*:*:* |
python | virtualenv | 0.8.3 | cpe:2.3:a:python:virtualenv:0.8.3:*:*:*:*:*:*:* |
python | virtualenv | 0.8.4 | cpe:2.3:a:python:virtualenv:0.8.4:*:*:*:*:*:*:* |
python | virtualenv | 0.9 | cpe:2.3:a:python:virtualenv:0.9:*:*:*:*:*:*:* |
python | virtualenv | 0.9.1 | cpe:2.3:a:python:virtualenv:0.9.1:*:*:*:*:*:*:* |
python | virtualenv | 0.9.2 | cpe:2.3:a:python:virtualenv:0.9.2:*:*:*:*:*:*:* |
python | virtualenv | 1.0 | cpe:2.3:a:python:virtualenv:1.0:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html
lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html
openwall.com/lists/oss-security/2011/12/19/2
openwall.com/lists/oss-security/2011/12/19/4
openwall.com/lists/oss-security/2011/12/19/5
secunia.com/advisories/47240
bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5