Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Python | Python | 2.6.1 (including) | 2.6.1 (including) |
Python | Python | 2.6.2 (including) | 2.6.2 (including) |
Python | Python | 2.6.3 (including) | 2.6.3 (including) |
Python | Python | 2.6.4 (including) | 2.6.4 (including) |
Python | Python | 2.6.5 (including) | 2.6.5 (including) |
Python | Python | 2.6.6 (including) | 2.6.6 (including) |
Python | Python | 2.6.7 (including) | 2.6.7 (including) |
Python | Python | 2.6.8 (including) | 2.6.8 (including) |
Python | Python | 2.6.2150 (including) | 2.6.2150 (including) |
Python | Python | 2.6.6150 (including) | 2.6.6150 (including) |
Python | Python | 2.7.1 (including) | 2.7.1 (including) |
Python | Python | 2.7.1-rc1 (including) | 2.7.1-rc1 (including) |
Python | Python | 2.7.2-rc1 (including) | 2.7.2-rc1 (including) |
Python | Python | 2.7.3 (including) | 2.7.3 (including) |
Python | Python | 2.7.1150 (including) | 2.7.1150 (including) |
Python | Python | 2.7.2150 (including) | 2.7.2150 (including) |
Python | Python | 3.0 (including) | 3.0 (including) |
Python | Python | 3.0.1 (including) | 3.0.1 (including) |
Python | Python | 3.1 (including) | 3.1 (including) |
Python | Python | 3.1.1 (including) | 3.1.1 (including) |
Python | Python | 3.1.2 (including) | 3.1.2 (including) |
Python | Python | 3.1.3 (including) | 3.1.3 (including) |
Python | Python | 3.1.4 (including) | 3.1.4 (including) |
Python | Python | 3.1.5 (including) | 3.1.5 (including) |
Python | Python | 3.1.2150 (including) | 3.1.2150 (including) |
Python | Python | 3.2 (including) | 3.2 (including) |
Python | Python | 3.2-alpha (including) | 3.2-alpha (including) |
Red Hat Enterprise Linux 5 | RedHat | python-0:2.4.3-46.el5_8.2 | * |
Red Hat Enterprise Linux 6 | RedHat | python-0:2.6.6-29.el6_2.2 | * |
Python2.4 | Ubuntu | hardy | * |
Python2.4 | Ubuntu | upstream | * |
Python2.5 | Ubuntu | hardy | * |
Python2.5 | Ubuntu | upstream | * |
Python2.6 | Ubuntu | lucid | * |
Python2.6 | Ubuntu | maverick | * |
Python2.6 | Ubuntu | natty | * |
Python2.6 | Ubuntu | oneiric | * |
Python2.6 | Ubuntu | upstream | * |
Python2.7 | Ubuntu | maverick | * |
Python2.7 | Ubuntu | natty | * |
Python2.7 | Ubuntu | oneiric | * |
Python2.7 | Ubuntu | upstream | * |
Python3.1 | Ubuntu | lucid | * |
Python3.1 | Ubuntu | maverick | * |
Python3.1 | Ubuntu | natty | * |
Python3.1 | Ubuntu | upstream | * |
Python3.2 | Ubuntu | natty | * |
Python3.2 | Ubuntu | oneiric | * |
Python3.2 | Ubuntu | precise | * |
Python3.2 | Ubuntu | quantal | * |
Python3.2 | Ubuntu | upstream | * |
Python3.3 | Ubuntu | upstream | * |