CVE-2013-2217

Jeff Ortel Suds < 1.0.0 - Symlink Following

Title source: rule

Description

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/.

Exploits (1)

nomisec WRITEUP

by Osirium · poc

https://github.com/Osirium/suds

View Code ZIP pw:eip

References (4)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2013-07/msg00062.html

[Vendor Advisory] http://www.ubuntu.com/usn/USN-2008-1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=978696

[Mailing List] http://www.openwall.com/lists/oss-security/2013/06/27/8

Scores

EPSS 0.0012

EPSS Percentile 31.3%

Details

CWE

CWE-59

Status published

Products (7)

jeff_ortel/suds 0.4

opensuse/opensuse 12.2

opensuse/opensuse 12.3

pypi/suds 0 - 1.0.0PyPI

pypi/suds-py3 0 - 1.4.4.1PyPI

redhat/enterprise_linux 5

redhat/enterprise_linux 6.0

Published Sep 23, 2013

Tracked Since Feb 18, 2026