Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
3 vulnerabilities by python_software_foundation
CVE-2008-4108 (GCVE-0-2008-4108)
Vulnerability from cvelistv5 – Published: 2008-09-18 17:47 – Updated: 2024-08-07 10:00
VLAI?
Summary
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Date Public ?
2008-09-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4274",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4274"
},
{
"name": "31184",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31184"
},
{
"name": "python-movefaqwiz-symlink(45161)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45161"
},
{
"name": "1020904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020904"
},
{
"name": "ADV-2008-2659",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2659"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=462326"
},
{
"name": "[oss-security] 20080916 Re: CVE Request (python)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152861617434\u0026w=2"
},
{
"name": "[oss-security] 20080915 CVE Request (python)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://marc.info/?l=oss-security\u0026m=122148330903513\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4274",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4274"
},
{
"name": "31184",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31184"
},
{
"name": "python-movefaqwiz-symlink(45161)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45161"
},
{
"name": "1020904",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020904"
},
{
"name": "ADV-2008-2659",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2659"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=462326"
},
{
"name": "[oss-security] 20080916 Re: CVE Request (python)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122152861617434\u0026w=2"
},
{
"name": "[oss-security] 20080915 CVE Request (python)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://marc.info/?l=oss-security\u0026m=122148330903513\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4108",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which tmp$RANDOM.tmp is located in an untrusted directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4274",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4274"
},
{
"name": "31184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31184"
},
{
"name": "python-movefaqwiz-symlink(45161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45161"
},
{
"name": "1020904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020904"
},
{
"name": "ADV-2008-2659",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2659"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=462326",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=462326"
},
{
"name": "[oss-security] 20080916 Re: CVE Request (python)",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122152861617434\u0026w=2"
},
{
"name": "[oss-security] 20080915 CVE Request (python)",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security\u0026m=122148330903513\u0026w=2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498899"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4108",
"datePublished": "2008-09-18T17:47:00.000Z",
"dateReserved": "2008-09-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:00:42.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0299 (GCVE-0-2008-0299)
Vulnerability from cvelistv5 – Published: 2008-01-16 22:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
Date Public ?
2008-01-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428727"
},
{
"name": "FEDORA-2008-0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html"
},
{
"name": "paramiko-randompool-info-disclosure(39749)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lag.net/pipermail/paramiko/2008-January/000599.html"
},
{
"name": "GLSA-200803-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-07.xml"
},
{
"name": "28510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28510"
},
{
"name": "29168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29168"
},
{
"name": "28488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28488"
},
{
"name": "27307",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27307"
},
{
"name": "FEDORA-2008-0722",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428727"
},
{
"name": "FEDORA-2008-0644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html"
},
{
"name": "paramiko-randompool-info-disclosure(39749)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lag.net/pipermail/paramiko/2008-January/000599.html"
},
{
"name": "GLSA-200803-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200803-07.xml"
},
{
"name": "28510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28510"
},
{
"name": "29168",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29168"
},
{
"name": "28488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28488"
},
{
"name": "27307",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27307"
},
{
"name": "FEDORA-2008-0722",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=428727",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=428727"
},
{
"name": "FEDORA-2008-0644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00529.html"
},
{
"name": "paramiko-randompool-info-disclosure(39749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39749"
},
{
"name": "http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch",
"refsource": "MISC",
"url": "http://people.debian.org/~nion/nmu-diff/paramiko-1.6.4-1_1.6.4-1.1.patch"
},
{
"name": "http://www.lag.net/pipermail/paramiko/2008-January/000599.html",
"refsource": "MISC",
"url": "http://www.lag.net/pipermail/paramiko/2008-January/000599.html"
},
{
"name": "GLSA-200803-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-07.xml"
},
{
"name": "28510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28510"
},
{
"name": "29168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29168"
},
{
"name": "28488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28488"
},
{
"name": "27307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27307"
},
{
"name": "FEDORA-2008-0722",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00594.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0299",
"datePublished": "2008-01-16T22:00:00.000Z",
"dateReserved": "2008-01-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:39:34.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1657 (GCVE-0-2007-1657)
Vulnerability from cvelistv5 – Published: 2007-03-24 01:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Date Public ?
2007-03-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:25.865Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070314 Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/462799/100/0/threaded"
},
{
"name": "20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001430.html"
},
{
"name": "43550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/43550"
},
{
"name": "22964",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22964"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070314 Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/462799/100/0/threaded"
},
{
"name": "20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2007-March/001430.html"
},
{
"name": "43550",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/43550"
},
{
"name": "22964",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22964"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070314 Fwd: Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/462799/100/0/threaded"
},
{
"name": "20070314 [TRUE] Python 2.5 (Modules/zlib) minigzip local buffer overflow vulnerability",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2007-March/001430.html"
},
{
"name": "43550",
"refsource": "OSVDB",
"url": "http://osvdb.org/43550"
},
{
"name": "22964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22964"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1657",
"datePublished": "2007-03-24T01:00:00.000Z",
"dateReserved": "2007-03-23T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:06:25.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}