{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-02-01T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "47240", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/47240"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5"}, {"name": "[oss-security] 20111219 Re: CVE id request: python-virtualenv", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/19/4"}, {"name": "[oss-security] 20111219 CVE id request: python-virtualenv", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/19/2"}, {"name": "FEDORA-2011-17289", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html"}, {"name": "FEDORA-2011-17341", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html"}, {"name": "[oss-security] 20111219 Re: CVE id request: python-virtualenv", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/12/19/5"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4617", "datePublished": "2011-12-31T01:00:00", "dateReserved": "2011-11-29T00:00:00", "dateUpdated": "2012-02-01T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:virtualenv:*:*:*:*:*:*:*:*", "matchCriteriaId": "882DAFE6-B0C3-43AA-A1DC-6344416DAC6C", "versionEndIncluding": "1.4.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "20F09E53-183F-4FDA-8D0D-75157577F7C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2315DDB3-A7B4-4C1F-8F7F-65F9BDA58143", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "640993E8-ACDC-4BDC-B90A-6A5086684B5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "C26475D6-E3B5-4BFE-ABCB-00FF1BF775F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "9BCBE048-CF77-41DD-BE33-627CC1BFC269", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "01394686-5868-4D76-98D9-704A4C47496A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "81602D91-34A2-435B-BFAB-8E2F6F13CAD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD4AA790-396B-4601-934A-C79805710EB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "70DFD1E2-6F0C-473B-9AF8-145AFDA04F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AAA20A0-FB21-45A2-9955-61C57609D56B", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AEFF343E-36F9-49FB-AD81-FA5826E3A38E", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C8A81F15-879F-4756-B62D-882E2AF9836E", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D63484A0-262D-458C-8FFF-6130505C1467", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EDE7D9B3-307F-4990-8A71-9351B72C8D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "4152B38F-6A2F-4DD1-94D8-9F15BF3C0B56", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "1010E6AD-18E5-48C8-AACC-3B37A028A3E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "D007BF26-E711-448A-A6DB-1BAEA1B1F7BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "46930F4B-242B-4488-BE6B-56DCC6CA71D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "91312611-4426-4421-8FAF-DAD0481E6CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "535403D2-BB8A-43C6-BD1E-59186E3FDB4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD51D1A0-ECC4-4B6D-BF84-00226D2E4169", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "7C3685F4-EF62-48AD-B377-305A3C6C55E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "26E60D71-9DD3-4E57-9E4A-4738C32FDED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "D015A6E2-E45D-4F76-83E8-C6E8A700032B", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "699F024D-AA72-46A2-A1FA-354F9E1A5595", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:virtualenv:1.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "59CAEC32-7D87-4689-AD6D-A43840B7B547", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/."}, {"lang": "es", "value": "virtualenv.py en virtualenv antes de v1.5 permite a usuarios locales sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico en un archivo concreto en /tmp/."}], "id": "CVE-2011-4617", "lastModified": "2012-02-01T04:12:07.367", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-12-31T01:55:00.860", "references": [{"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/12/19/2"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/12/19/4"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/12/19/5"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/47240"}, {"source": "secalert@redhat.com", "url": "https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}