CVE-2011-4617

low
Published 2022-05-17 · Modified 2024-01-19
CVSS v3
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v2
1.2
VIR risk
1.2

Description

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2011-4617

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://secunia.com/advisories/47240

OS impact

OS             Version   Status  Fixed in
debian debian  bookworm  fixed   1.6-1
debian debian  bullseye  fixed   1.6-1
debian debian  forky     fixed   1.6-1
debian debian  sid       fixed   1.6-1
debian debian  trixie    fixed   1.6-1

Package impact

Ecosystem    Package     Vulnerable  Fixed
python PyPI  virtualenv  <1.5        1.5

Application impact

Vendor         Product     Versions                  Fixed
python python  virtualenv  {"endIncluding":"1.4.9"}
python python  virtualenv  0.8
python python  virtualenv  0.8.1
python python  virtualenv  0.8.2
python python  virtualenv  0.8.3
python python  virtualenv  0.8.4
python python  virtualenv  0.9
python python  virtualenv  0.9.1
python python  virtualenv  0.9.2
python python  virtualenv  1.0
python python  virtualenv  1.1
python python  virtualenv  1.1.1
python python  virtualenv  1.2
python python  virtualenv  1.3
python python  virtualenv  1.3.1
python python  virtualenv  1.3.2
python python  virtualenv  1.3.3
python python  virtualenv  1.3.4
python python  virtualenv  1.4
python python  virtualenv  1.4.1
python python  virtualenv  1.4.2
python python  virtualenv  1.4.3
python python  virtualenv  1.4.4
python python  virtualenv  1.4.5
python python  virtualenv  1.4.6
python python  virtualenv  1.4.7
python python  virtualenv  1.4.8

References

CWEs

CWE-59
