CVE-2011-4617

Published Dec 31, 2011
Last updated 13 years ago
Overview

Description: virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
Source: secalert@redhat.com
NVD status: Modified
Hype score: Not currently trending
Risk scores

CVSS 2.0

Type: Primary
Base score: 1.2
Impact score: 2.9
Exploitability score: 1.9
Vector string: AV:L/AC:H/Au:N/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-59
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:virtualenv:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "882DAFE6-B0C3-43AA-A1DC-6344416DAC6C",
            "versionEndIncluding": "1.4.9"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20F09E53-183F-4FDA-8D0D-75157577F7C1"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2315DDB3-A7B4-4C1F-8F7F-65F9BDA58143"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "640993E8-ACDC-4BDC-B90A-6A5086684B5A"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C26475D6-E3B5-4BFE-ABCB-00FF1BF775F9"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9BCBE048-CF77-41DD-BE33-627CC1BFC269"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01394686-5868-4D76-98D9-704A4C47496A"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81602D91-34A2-435B-BFAB-8E2F6F13CAD6"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:0.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD4AA790-396B-4601-934A-C79805710EB7"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70DFD1E2-6F0C-473B-9AF8-145AFDA04F44"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AAA20A0-FB21-45A2-9955-61C57609D56B"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEFF343E-36F9-49FB-AD81-FA5826E3A38E"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8A81F15-879F-4756-B62D-882E2AF9836E"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D63484A0-262D-458C-8FFF-6130505C1467"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDE7D9B3-307F-4990-8A71-9351B72C8D4E"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4152B38F-6A2F-4DD1-94D8-9F15BF3C0B56"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1010E6AD-18E5-48C8-AACC-3B37A028A3E8"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D007BF26-E711-448A-A6DB-1BAEA1B1F7BE"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46930F4B-242B-4488-BE6B-56DCC6CA71D0"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91312611-4426-4421-8FAF-DAD0481E6CC6"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "535403D2-BB8A-43C6-BD1E-59186E3FDB4A"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD51D1A0-ECC4-4B6D-BF84-00226D2E4169"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C3685F4-EF62-48AD-B377-305A3C6C55E9"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26E60D71-9DD3-4E57-9E4A-4738C32FDED9"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D015A6E2-E45D-4F76-83E8-C6E8A700032B"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "699F024D-AA72-46A2-A1FA-354F9E1A5595"
          },
          {
            "criteria": "cpe:2.3:a:python:virtualenv:1.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59CAEC32-7D87-4689-AD6D-A43840B7B547"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References
