Back to search
CVE-2014-2667
Published: Nov 16, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20140328 CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python
mailing-list
x_refsource_MLIST
openSUSE-SU-2014:0597
vendor-advisory
x_refsource_SUSE
GLSA-201503-10
vendor-advisory
x_refsource_GENTOO
[oss-security] 20140330 Re: CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python
mailing-list
x_refsource_MLIST
http://bugs.python.org/issue21082
x_refsource_CONFIRM
[oss-security] 20140329 Re: [PSRT] CVE request: os.makedirs(exist_ok=True) is not thread-safe in Python
mailing-list
x_refsource_MLIST
openSUSE-SU-2014:0596
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:0086
vendor-advisory
x_refsource_SUSE
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now