Race Condition Vulnerability in Python-XDG Affects Local Users
CVE-2014-1624

Currently unrated

Key Information:

Vendor: Python
Status: Pyxdg
Vendor: CVE Published:; 28 January 2014

Summary

A race condition exists in the xdg.BaseDirectory.get_runtime_dir function within the python-xdg library (version 0.25). This vulnerability enables authenticated local users to manipulate file structures, allowing them to overwrite arbitrary files. By pre-creating a specific directory in /tmp and later replacing it with a symlink to an attacker-controlled location, users can exploit this flaw when the get_runtime_dir function is invoked. Such an attack could lead to unauthorized file modifications, compromising system integrity.

References

http://www.openwall.com/lists/oss-security/2014/01/21/4

mailing-listx_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736247

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/90618

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 28, 2014
Vulnerability Reserved
Jan 21, 2014