Vulnerability Description
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.
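The hardening pattern for this class of bug, as an added example that is not code from Suds or from any vendor patch: a per-user cache directory that is verified before use, with entries written and read without following symlinks. The function names, the `suds-cache` directory name and the alphanumeric cache id format are assumptions made for illustration.

```python
import os
import stat
import tempfile

def private_cache_dir(base, name="suds-cache"):
    """Return a per-user cache directory under `base`, refusing planted paths."""
    path = os.path.join(base, f"{name}-{os.getuid()}")
    try:
        os.mkdir(path, 0o700)  # fails if a file, directory or symlink is already there
    except FileExistsError:
        pass  # pre-existing path: trust it only after the checks below
    st = os.lstat(path)  # lstat describes the link itself, never its target
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path} is not a real directory")
    if st.st_uid != os.getuid() or st.st_mode & 0o077:
        raise PermissionError(f"{path} is accessible to or owned by another user")
    return path

def _entry_path(cache_dir, entry_id):
    if not entry_id.isalnum():  # assumption: ids are hex digests, so no separators
        raise ValueError("unexpected cache id")
    return os.path.join(cache_dir, entry_id)

def write_cache_entry(cache_dir, entry_id, data):
    """Write via a random O_EXCL temp file, then rename it into place."""
    final = _entry_path(cache_dir, entry_id)
    fd, tmp = tempfile.mkstemp(dir=cache_dir)  # random name, mode 0600
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        os.replace(tmp, final)  # rename overwrites a symlink at `final`, not its target
    except BaseException:
        os.unlink(tmp)
        raise
    return final

def read_cache_entry(cache_dir, entry_id):
    """Read an entry, failing instead of following a symlink."""
    fd = os.open(_entry_path(cache_dir, entry_id), os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "rb") as f:
        return f.read()
```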
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jeff Ortel | Suds | 0.4 |
| openSUSE | openSUSE | 12.2 |
| Red Hat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html
- http://www.openwall.com/lists/oss-security/2013/06/27/8
- http://www.ubuntu.com/usn/USN-2008-1
- https://bugzilla.redhat.com/show_bug.cgi?id=978696
FAQ
What is CVE-2013-2217?
CVE-2013-2217 is a vulnerability with a CVSS score of 1.2 (LOW). cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name i...
How severe is CVE-2013-2217?
CVE-2013-2217 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-2217?
Check the references section above for vendor advisories and patch information. Affected products include: Jeff Ortel Suds, openSUSE openSUSE, Red Hat Enterprise Linux.