oss-security March 2012 archive

[oss-security] CVE request: distutils creates ~/.pypirc insecurely

From: Vincent Danen <vdanen_at_nospam>
Date: Tue Mar 27 2012 - 14:15:31 GMT
To: oss-security@lists.openwall.com

Standard flaw where a file that contains a username and password is
written with insecure permissions. This only affects Python 2.6 and
higher.

Could a CVE name be assigned to this flaw? I don't think one has been
already.

References:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650555
https://bugzilla.redhat.com/show_bug.cgi?id=758905
http://bugs.python.org/issue13512
http://bugs.python.org/file23824/pypirc-secure.diff

Thanks.

-- Vincent Danen / Red Hat Security Response Team
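
The flaw class reported above, shown as an added example (not code from the original message, from distutils, or from the linked patch): a credentials file written with a plain `open()` beside one created owner-only, plus a check for group/other permission bits. The function names and the sample file content are hypothetical and constructed for illustration.

```python
import os
import stat
import tempfile

# Constructed sample content; the credentials are placeholders.
SAMPLE_RC = "[pypi]\nusername: example-user\npassword: example-password\n"


def write_rc_insecure(path, text):
    """Plain open(): mode is 0666 masked by the umask (0644 under umask 022)."""
    with open(path, "w") as f:
        f.write(text)


def write_rc_private(path, text):
    """Create the file as 0600, and tighten a pre-existing file before writing."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        # The mode argument to os.open() only applies when the file is created,
        # so an existing world-readable file must be fixed explicitly.
        os.fchmod(fd, 0o600)
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "w") as f:
        f.write(text)


def exposed_bits(path):
    """Return the group/other permission bits on path (0 means owner-only)."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO)


if __name__ == "__main__":
    old_umask = os.umask(0o022)  # common default umask, set here for a stable demo
    try:
        with tempfile.TemporaryDirectory() as d:
            rc = os.path.join(d, ".pypirc")  # stand-in for ~/.pypirc
            write_rc_insecure(rc, SAMPLE_RC)
            print("plain open():      ", oct(exposed_bits(rc)))
            write_rc_private(rc, SAMPLE_RC)
            print("owner-only rewrite:", oct(exposed_bits(rc)))
    finally:
        os.umask(old_umask)
```

`exposed_bits()` can also be pointed at an existing `~/.pypirc` to audit it; any non-zero result means other local accounts can read or modify the stored credentials.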