Candidate: CVE-2014-1624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1624
Race condition in the xdg.BaseDirectory.get_runtime_dir function in
python-xdg 0.25 allows local users to overwrite arbitrary files by
pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a
victim-owned location, then replacing it with a symlink to an
attacker-controlled location once the get_runtime_dir function is called.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247
Discovered-by: Jakub Wilk
Tags_pyxdg: symlink-restriction hardlink-restriction
upstream_pyxdg: needed
lucid_pyxdg: ignored (reached end-of-life)
precise_pyxdg: ignored (reached end-of-life)
precise/esm_pyxdg: DNE (precise was needed)
quantal_pyxdg: ignored (reached end-of-life)
raring_pyxdg: ignored (reached end-of-life)
saucy_pyxdg: ignored (reached end-of-life)
utopic_pyxdg: ignored (reached end-of-life)
vivid_pyxdg: ignored (reached end-of-life)
vivid/stable-phone-overlay_pyxdg: ignored (reached end-of-life)
vivid/ubuntu-core_pyxdg: ignored (reached end-of-life)
wily_pyxdg: ignored (reached end-of-life)
yakkety_pyxdg: ignored (reached end-of-life)
zesty_pyxdg: ignored (reached end-of-life)