ISS X-Force Database: python-execvpe-tmpfile-symlink(10009): Python os._execvpe function temporary file symlink attack

Python os._execvpe function temporary file symlink attack

python-execvpe-tmpfile-symlink (10009)

Medium Risk

Description:

Python could allow a local attacker to launch a symlink attack. The os._execvpe function in the os.py utility creates temporary files with predictable file names. A local attacker could use this vulnerability to create a symbolic link from a temporary file to any file on the system to cause the file to be overwritten, and possibly execute code on the system.

Consequences:

File Manipulation

Remedy:

For Debian GNU/Linux 2.2 (potato):
Upgrade to the latest python package (1.5.2-10potato12 or later), as listed in DSA-159-1. See References.

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest python package (1.5_1.5.2-23.1 or later), as listed in DSA-159-1. See References.

For Sun Linux 5.0:
Apply the appropriate patch for your system. Refer to Sun Alert ID: 56122 for more information. See References.

— OR —

As a workaround, follow the instructions as listed in Sun Alert ID: 56122.

For Conectiva Linux:
Upgrade to the latest python package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2002:527 for more information. See References.

Conectiva Linux 6.0: 1.5.2-14U60_2cl or later
Conectiva Linux 7.0: 2.1-15U70_1cl or later
Conectiva Linux 8.0: 2.2-10U80_1cl or later

For Gentoo Linux:
Upgrade to the latest dev-lang/python-2.2.1-r4 package, as listed in Gentoo Linux Security Announcement 2002-10-03 14:45 UTC. See References.

For Caldera OpenLinux 3.1 and 3.1.1 (Workstation and Server):
Upgrade to the latest python package (1.5.2-23 or later), as listed in Caldera International, Inc. Security Advisory CSSA-2002-045.0. See References.

For Mandrake Linux:
Upgrade to the latest python, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2002:082 for more information. See References.

Mandrake Linux 7.2 and Single Network Firewall 7.2: 1.5.2-12.1mdk or later
Mandrake Linux 8.0: 2.0-9.1mdk or later
Mandrake Linux 8.1 and 8.2: 2.2-9.1mdk or later
Mandrake Linux 9.0: 2.2.1-14.2mdk or later

For Red Hat Linux:
Upgrade to the latest python package, as listed below. Refer to RHSA-2002:202-25 for more information. See References.

Red Hat 6.2: python-1.5.2-42.62 or later
Red Hat 7.0 and 7.1: python-1.5.2-42.71 or later
Red Hat 7.2: python-1.5.2-42.72 or later
Red Hat 7.3: python-1.5.2-42.73 or later

For OpenPKG:
Upgrade to the latest python package, as listed below. Refer to OpenPKG Security Advisory OpenPKG-SA-2003.006 for more information. See References.

OpenPKG CURRENT: 2.2.2-20021015 or later
OpenPKG 1.1: 2.2.1-1.1.1 or later

For other distributions:
Contact your vendor for upgrade or patch information.

References:

Caldera International, Inc. Security Advisory CSSA-2002-045.0: Linux: python insecure temporary files in os._execvpe.
Conectiva Linux Announcement CLSA-2002:527: python.
Gentoo Linux Security Announcement 2002-10-03 14:45 UTC: os.execvpe() vulnerability.
Python Web site: Download Python Software.
Python-Dev Mailing List, Thu, 1 Aug 2002 09:19:46 -0700: Weird error handling in os._execvpe.
SourceForge.net: Detail:590294 os._execvpe security fix.
SourceForge.net: Detail:601077 bug in new execvpe.
Sun Alert ID: 56122: Python Creates Temporary Files Insecurely.
BID-5581: Python os.py Predictable Temporary Filename Command Execution Vulnerability
CVE-2002-1119: os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
DSA-159: python -- insecure temporary files
MDKSA-2002:082: Updated python packages fix local arbitrary code execution vulnerability
MDKSA-2002:082-1: Updated python packages fix local arbitrary code execution vulnerability
MDKSA-2003:024: Updated packages fix multiple vulnerabilities
OpenPKG-SA-2003.006: Python
RHSA-2002-202: Updated python packages fix predictable temporary file
RHSA-2003-048: python security update

Platforms Affected:

Conectiva Linux 6.0
Conectiva Linux 7.0
Conectiva Linux 8.0
Debian Debian Linux 2.2
Debian Debian Linux 3.0
Gentoo Linux
MandrakeSoft Mandrake Linux 7.2
MandrakeSoft Mandrake Linux 8.0
MandrakeSoft Mandrake Linux 8.0 PPC
MandrakeSoft Mandrake Linux 8.1
MandrakeSoft Mandrake Linux 8.1 IA64
MandrakeSoft Mandrake Linux 8.2 PPC
MandrakeSoft Mandrake Linux 8.2
MandrakeSoft Mandrake Linux 9.0
MandrakeSoft Mandrake Single Network Firewall 7.2
OpenPKG OpenPKG 1.1
OpenPKG OpenPKG 1.2
OpenPKG OpenPKG CURRENT
Python Python 1.5.2 - 2.2.1
RedHat Enterprise Linux 2.1 AS
RedHat Linux 6.2
RedHat Linux 7
RedHat Linux 7.1
RedHat Linux 7.1 for iSeries
RedHat Linux 7.1 for pSeries
RedHat Linux 7.2
RedHat Linux 7.3
RedHat Linux Advanced Workstation 2.1 Itanium
SCO Caldera OpenLinux Server 3.1
SCO Caldera OpenLinux Server 3.1.1
SCO Caldera OpenLinux Workstation 3.1
SCO Caldera OpenLinux Workstation 3.1.1
Sun Linux 5.0
Twibright Links 0.96

Reported:

Aug 28, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page