CVE-2014-2667

Published: 16 November 2014

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.
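The window the description refers to can be reproduced deterministically. The sketch below is an added example, not code from CPython or from this tracker page: it assumes the umask is read by temporarily overwriting it (the notes mention umask(0) and umask(0022) as the temporary values), and the helper name mode_created, the file name and the 0o077 starting umask are constructed for illustration. The file creation that another thread would perform inside the window is done inline so the result does not depend on timing.

```python
import os
import stat
import tempfile


def mode_created(process_umask, probe_value=None):
    """Create a file with requested mode 0o666 and return its permission bits.

    process_umask -- the umask the application believes is in force
    probe_value   -- if not None, the file is created between the two
                     umask() calls of a set-and-restore read, which is
                     where a concurrent thread would land in the race
    """
    saved = os.umask(process_umask)              # constructed starting state
    try:
        with tempfile.TemporaryDirectory() as tmp:
            path = os.path.join(tmp, "victim")   # hypothetical file name
            if probe_value is None:
                fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o666)
                os.close(fd)
            else:
                current = os.umask(probe_value)  # step 1: read by overwriting
                try:
                    # Stand-in for a file created by another thread here.
                    fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o666)
                    os.close(fd)
                finally:
                    os.umask(current)            # step 2: restore
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(saved)                          # leave the caller's umask intact


if __name__ == "__main__":
    for label, probe in (("no probe", None),
                         ("probe umask(0)", 0),
                         ("probe umask(0o022)", 0o022)):
        print(f"{label:20} -> {mode_created(0o077, probe):04o}")
```

Because the umask is process-wide, every thread is affected during the window; a file that must stay private should be created with an explicit restrictive mode rather than rely on the umask being in its expected state.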

Priority

Low

Status

Package: python2.7

Release                               Status
Upstream                              Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver)      Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus)       Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr)        Not vulnerable

Package: python3.2

Release                               Status
Upstream                              Needed
Ubuntu 18.04 LTS (Bionic Beaver)      Does not exist
Ubuntu 16.04 ESM (Xenial Xerus)       Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)        Does not exist

Patches:
Upstream: http://hg.python.org/cpython/rev/9186f4a18584e

Package: python3.4

Release                               Status
Upstream                              Needed
Ubuntu 18.04 LTS (Bionic Beaver)      Does not exist
Ubuntu 16.04 ESM (Xenial Xerus)       Does not exist
Ubuntu 14.04 ESM (Trusty Tahr)        Released (3.4.3-1ubuntu1~14.04)

Patches:
Upstream: http://hg.python.org/cpython/rev/c24dd53ab4b9

Notes

Author: seth-arnold
Note: The upstream patch uses umask(0022) instead of umask(0) -- which
seems as bad as the original behaviour. We should see if there is an updated
patch when we prepare our packages that replaces the bad code.

Author: mdeslaur
Note: introduced by the fix for http://bugs.python.org/issue9299
upstream committed a better fix than the proposed one in the bug
but it now changes behaviour
