Python os.py predictable temporary file name local command execution vulnerability

Vulnerability details

Vulnerability summary

Python is a widely used programming language.

The os._execvpe function in Python's os.py module (the PATH-searching helper behind os.execvp() and os.execvpe()) allows a local attacker to execute arbitrary code.

To learn which error an exec of a missing program raises, os._execvpe execs a temporary file name obtained from tempfile.mktemp(). That name is predictable (it is built from the process ID and a counter), and nothing guarantees the name is still unused at the moment of the exec, so the "does it exist" check is racy. A local attacker who plants an executable file or a symlink at the predicted name gets it executed with the privileges of the Python process the next time a script resolves a program through the PATH search; scripts run by root or another privileged user are the realistic target. The fix removes the probe entirely: the patched function compares the errno of each failed exec against errno.ENOENT (and ENOTDIR) instead of learning that value by executing a file.
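The flawed probe and the errno-based replacement, as an added example that is not the advisory's code and not Python's own os.py. The name shape, the private directory, the payload script and the fake exec are constructed for the demonstration; it assumes a POSIX system with /bin/sh whose temp directory is not mounted noexec, and it execs only files it created itself.

```python
"""Added example (not from the advisory, and not Python's own os.py):
a reconstruction of the flawed os._execvpe 'probe' alongside the errno-based
logic that replaced it. Paths, the payload and the fake exec are constructed
for the demonstration."""
import errno
import os
import stat
import tempfile


def legacy_probe_name(tmpdir, pid, counter=0):
    """Shape of the name the old tempfile.mktemp() produced on POSIX:
    <tmpdir>/@<pid>.<counter>. A PID read from `ps` plus a small counter is
    all an attacker needs to predict it (assumed shape, for illustration)."""
    return os.path.join(tmpdir, "@%d.%d" % (pid, counter))


def flawed_probe(probe_name):
    """What the vulnerable os._execvpe did to learn the 'not found' error:
    exec a temporary name it merely assumed was unused. Run here in a forked
    child so the caller survives. Returns ('failed', errno) when the exec
    fails, or ('executed', exit_status) when a file at probe_name really ran."""
    r, w = os.pipe()  # non-inheritable: a successful exec silently closes w
    pid = os.fork()
    if pid == 0:
        os.close(r)
        try:
            # The original passed an empty argv; current os.execv needs one entry.
            os.execv(probe_name, (probe_name,))
        except OSError as e:
            os.write(w, str(e.errno).encode())
        os._exit(0)
    os.close(w)
    data = os.read(r, 64)
    os.close(r)
    _, status = os.waitpid(pid, 0)
    if data:
        return ("failed", int(data))
    return ("executed", os.WEXITSTATUS(status))


def plant_payload(probe_name, exit_code=42):
    """The local attacker's move: an executable at the predicted name."""
    with open(probe_name, "w") as f:
        f.write("#!/bin/sh\nexit %d\n" % exit_code)
    os.chmod(probe_name, stat.S_IRWXU)


def fixed_execvpe(prog, args, path_dirs, exec_func=os.execv):
    """PATH search the way the patched os._execvpe does it: no probe file.
    ENOENT/ENOTDIR mean 'try the next directory'; any other error is kept and
    raised if nothing succeeds. exec_func is injectable for testing."""
    saved = None
    last = None
    for d in path_dirs:
        full = os.path.join(d, prog)
        try:
            exec_func(full, args)
            return full  # only reachable with a non-replacing exec_func
        except OSError as e:
            last = e
            if e.errno not in (errno.ENOENT, errno.ENOTDIR) and saved is None:
                saved = e
    if saved is not None:
        raise saved
    if last is not None:
        raise last
    raise OSError(errno.ENOENT, "empty search path", prog)


def search_outcome(prog, path_dirs, errno_by_dir):
    """Drive fixed_execvpe with a constructed exec: a directory mapped to None
    'succeeds', any other value is the errno to raise.
    Returns ('found', path) or ('error', errno)."""
    def fake_exec(path, args):
        code = errno_by_dir[os.path.dirname(path)]
        if code is not None:
            raise OSError(code, "constructed failure", path)
    try:
        return ("found", fixed_execvpe(prog, (prog,), path_dirs, exec_func=fake_exec))
    except OSError as e:
        return ("error", e.errno)


def demo():
    """Plant a payload at the predicted probe name inside a private directory,
    show the flawed probe runs it, and show the fixed search never does."""
    tmpdir = tempfile.mkdtemp()
    probe = legacy_probe_name(tmpdir, os.getpid())
    try:
        before = flawed_probe(probe)   # ('failed', ENOENT): nothing there yet
        plant_payload(probe)
        after = flawed_probe(probe)    # ('executed', 42): attacker's script ran
        try:
            fixed_execvpe("nosuchprog", ("nosuchprog",), [tmpdir])
            fixed_errno = None
        except OSError as e:
            fixed_errno = e.errno      # ENOENT, and nothing was executed
        return {"before": before, "after": after, "fixed_errno": fixed_errno}
    finally:
        if os.path.exists(probe):
            os.unlink(probe)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    print(demo())
```

The point of the fixed search is that the process only ever execs the program it was asked for, joined to each PATH entry in turn; an unexpected errno such as EACCES is remembered and reported, but no file the caller did not name is ever touched.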

Advisory

Temporary workaround:
If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:

* Temporarily remove the execute permission from Python scripts, and apply the patch as soon as possible.
Note that this only matters for scripts reached by a more privileged user that call os.execvp(), os.execvpe() or another function that searches PATH through os._execvpe; the fault is in the library itself, so upgrading is the real fix.
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-159) and corresponding patches:

DSA-159:New Python packages fix insecure temporary file use

Link: http://www.debian.org/security/2002/dsa-159

Patch downloads:

Debian GNU/Linux 2.2 alias potato
---------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato12.dsc
Size/MD5 checksum: 814 d4368a244ae130c0a879dc583d74ebb6

http://security.debian.org/pool/updates/main/p/python/python_1.5.2-10potato12.diff.gz
Size/MD5 checksum: 85380 cef4ee264c041385d26a6e7a914f66cf

http://security.debian.org/pool/updates/main/p/python/python_1.5.2.orig.tar.gz
Size/MD5 checksum: 2533053 e9d677ae6d5a3efc6937627ed8a3e752

Alpha architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_alpha.deb
Size/MD5 checksum: 928612 9cbc6a1fc341c7f5668da7f14ddfd336

ARM architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_arm.deb
Size/MD5 checksum: 848442 778e22c98169028d94ba9fe3634dd113

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_i386.deb
Size/MD5 checksum: 825052 a2b34f89248287e5f61e1a9ae051b6ae

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_m68k.deb
Size/MD5 checksum: 837528 550655222273b7ed3b5f19ced5bb35cc

PowerPC architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_powerpc.deb
Size/MD5 checksum: 872370 6e45dfbc1694e89f4707e1803f65943a

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/p/python/python-base_1.5.2-10potato12_sparc.deb
Size/MD5 checksum: 854034 3ef80fbe6213c198d713046a4405cdff

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1.dsc
Size/MD5 checksum: 916 59cda94465a7108d34294050e141b0ba

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1.diff.gz
Size/MD5 checksum: 147550 0246bc4b24874e3c0f8b6c6af47b262d

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2.orig.tar.gz
Size/MD5 checksum: 2533570 d9ade0d7613466e0353561d277ff02fe

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1.dsc
Size/MD5 checksum: 1283 2193a191f73cac617edc851ce1dc0874

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1.diff.gz
Size/MD5 checksum: 70192 eacc3d64dd0717ecf47fb2793a6b94c2

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3.orig.tar.gz
Size/MD5 checksum: 6194246 1ae739aa5824de263923df3516eeaf80

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1.dsc
Size/MD5 checksum: 1150 029ee1aa079f8884283d57d765889d37

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1.diff.gz
Size/MD5 checksum: 91682 de92eb806eea24f0a00289a9179cce7a

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1.orig.tar.gz
Size/MD5 checksum: 6536167 88aa07574673ccfaf35904253c78fc7d

Alpha architecture:

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_alpha.deb
Size/MD5 checksum: 993386 157f481ea4625e923668cf5bba1c7fe6

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_alpha.deb
Size/MD5 checksum: 1804142 e02a244d71cfbe2f17c6bdf615c0d75e

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_alpha.deb
Size/MD5 checksum: 2139238 ee19156d488c1362a0035b005b2479f0

ARM architecture:

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_arm.deb
Size/MD5 checksum: 893284 b0f4521515c2fe08bddacea2ca58a6f1

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_arm.deb
Size/MD5 checksum: 1646358 5d15c914dd3f0a6839357a40bd3badf7

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_arm.deb
Size/MD5 checksum: 1952280 ec6986def88675cc6c341a10108c4b34

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/p/python1.5/python1.5_1.5.2-23.1_i386.deb
Size/MD5 checksum: 865684 475adc23a0cd7b706dfb50bd2beb4a61

http://security.debian.org/pool/updates/main/p/python2.1/python2.1_2.1.3-3.1_i386.deb
Size/MD5 checksum: 1592036 643613afe8b24e5cc808cfa6150cd15a

http://security.debian.org/pool/updates/main/p/python2.2/python2.2_2.2.1-4.1_i386.deb
Size/MD5 checksum: (truncated on the page)

References

Source: BID
Name: 5581
Link: http://www.securityfocus.com/bid/5581

Source: DEBIAN
Name: DSA-159
Link: http://www.debian.org/security/2002/dsa-159

Source: XF
Name: python-execvpe-tmpfile-symlink(10009)
Link: http://www.iss.net/security_center/static/10009.php

Source: mail.python.org
Link: http://mail.python.org/pipermail/python-dev/2002-August/027229.html

Source: REDHAT
Name: RHSA-2003:048
Link: http://www.redhat.com/support/errata/RHSA-2003-048.html

Source: REDHAT
Name: RHSA-2002:202
Link: http://www.redhat.com/support/errata/RHSA-2002-202.html

Source: MANDRAKE
Name: MDKSA-2002:082
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php

Source: BUGTRAQ
Name: 20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2

Source: CONECTIVA
Name: CLA-2002:527
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527

Source: CALDERA
Name: CSSA-2002-045.0
Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt
