addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrosseditemptyheartexportfacebookfolderfullheartglobegmailgoogleimageimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

PyAtl: Atlanta Python Programmers Message Board PyAtl Job Listings › NEWS: Stani's Python Editor Insecure Default File Permissions

NEWS: Stani's Python Editor Insecure Default File Permissions

A former member
Post #: 6
http://secunia.com/ad...­


Stani's Python Editor Insecure Default File Permissions

Secunia Advisory: SA17224 Print Advisory
Release Date: 2005-10-17

Critical:
Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch

Software: Stani's Python Editor (SPE) 0.x

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

Description:
Bryan Ostergaard has reported a security issue in Stani's Python Editor (SPE), which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The security issue is caused due to the files belonging to SPE being installed with world-writable permissions. This can be exploited by malicious users to modify SPE's Python scripts, potentially including malicious content.

The security issue has been reported in version 0.7.5.c. Other versions may also be affected.

Solution:
Remove world-writable permissions from the affected files.

Provided and/or discovered by:
Bryan Ostergaard

Original Advisory:
Gentoo Bugzilla:
http://bugs.gentoo.or...­


Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.


Send Feedback to Secunia:

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback is most welcome.


.
Powered by mvnForum

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy