[Bug 1227650] Re: Using suds allows an attacker to overwrite arbitrary files that you have the rights to access

Steve Langasek 1227650 at bugs.launchpad.net
Thu Oct 14 04:55:04 UTC 2021


The Precise Pangolin has reached end of life, so this bug will not be
fixed for that release.

** Changed in: suds (Ubuntu Precise)
       Status: Confirmed => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to suds in Ubuntu.
https://bugs.launchpad.net/bugs/1227650

Title:
  Using suds allows an attacker to overwrite arbitrary files that you
  have the rights to access

Status in suds:
  Confirmed
Status in suds package in Ubuntu:
  Fix Released
Status in suds source package in Precise:
  Won't Fix
Status in suds source package in Quantal:
  Won't Fix
Status in suds source package in Raring:
  Won't Fix
Status in suds source package in Saucy:
  Fix Released
Status in suds package in Fedora:
  New

Bug description:
  python-suds has a security vulnerability (on multi-user machines /
  servers) which allows an attacker to overwrite arbitrary files that
  the user using suds has access to.

  Details:
  On line 109 of client.py, it unconditionally instantiates an ObjectCache.
  On line 141 of cache.py, it uses a static location for a temporary file, instead of using one of the secure functions in the tempfile module.
  Then on line 145, it calls a function which overwrites whatever file exists at /tmp/suds/version - or, if there's an attacker on the box who has access to /tmp, a symlink which could point at any file you have permissions to, allowing them to destroy the contents of a file you own.

To manage notifications about this bug go to:
https://bugs.launchpad.net/suds/+bug/1227650/+subscriptions
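The pattern the report describes (a fixed path under /tmp written to unconditionally) next to a hardened form, as an added example written for this page rather than suds' own code; the function names and the per-user `suds-<uid>` directory naming are assumptions.

```python
import os
import stat
import tempfile

# Constructed sketch of the reported pattern: a fixed, world-predictable path
# that is truncated and rewritten on every run. Kept only for comparison.
def unsafe_write_version(version: str, base: str = "/tmp/suds") -> str:
    os.makedirs(base, exist_ok=True)          # anyone may have created this
    path = os.path.join(base, "version")
    with open(path, "w") as f:                # follows a symlink if one is there
        f.write(version)
    return path


def safe_cache_dir(base: str = None) -> str:
    """Return a per-user cache directory that no one else could have planted.

    mkdir with mode 0700, then inspect with lstat (symlinks are not followed):
    reject anything that is not a plain directory owned by the current user
    with no group/world permission bits.
    """
    base = base or tempfile.gettempdir()
    path = os.path.join(base, "suds-%d" % os.getuid())  # naming is an assumption
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s is not a plain directory" % path)
    if st.st_uid != os.getuid() or st.st_mode & 0o077:
        raise RuntimeError("%s is not a private directory owned by us" % path)
    return path


def safe_write(path: str, data: bytes) -> None:
    """Write without following a symlink at `path`; verify the opened file."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    st = os.fstat(fd)                         # check the descriptor, not the name
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        os.close(fd)
        raise RuntimeError("%s is not a regular file owned by us" % path)
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def write_version(version: str, base: str = None) -> str:
    """Hardened replacement for the version marker: returns the path written."""
    path = os.path.join(safe_cache_dir(base), "version")
    safe_write(path, version.encode())
    return path
```

The directory check relies on the sticky bit on /tmp, which stops other users from removing or renaming a directory they do not own once it exists.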
