Vulnerability Description
pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
CVSS Score
7.5
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pyro Project | Pyro | < 3.15 |
Related Weaknesses (CWE)
References
- https://bugs.debian.org/631912ExploitIssue TrackingThird Party Advisory
- https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1eThird Party Advisory
- https://pythonhosted.org/Pyro/12-changes.htmlVendor Advisory
- https://bugs.debian.org/631912ExploitIssue TrackingThird Party Advisory
- https://github.com/irmen/Pyro3/commit/554e095a62c4412c91f981e72fd34a936ac2bf1eThird Party Advisory
- https://pythonhosted.org/Pyro/12-changes.htmlVendor Advisory
FAQ
What is CVE-2011-2765?
CVE-2011-2765 is a vulnerability with a CVSS score of 7.5 (HIGH). pyro before 3.15 unsafely handles pid files in temporary directory locations and opening the pid file as root. An attacker can use this flaw to overwrite arbitrary files via symlinks.
How severe is CVE-2011-2765?
CVE-2011-2765 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-2765?
Check the references section above for vendor advisories and patch information. Affected products include: Pyro Project Pyro.