CVE-2018-1000117 - OpenCVE

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows
Python	Python

Configuration 1 [-]

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python:3.7.0:beta1::::::
	cpe:2.3:a:python:python:3.7.0:beta2::::::
	cpe:2.3:a:python:python:3.7.0:beta3::::::
	cpe:2.3:a:python:python:3.7.0:beta4::::::
	cpe:2.3:a:python:python:3.7.0:beta5::::::

No data.

References

Link	Providers
https://bugs.python.org/issue33001
https://github.com/python/cpython/pull/5989

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-03-07T14:00:00Z

Updated: 2024-09-17T01:37:10.621Z

Reserved: 2018-03-07T00:00:00Z

Link: CVE-2018-1000117

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-03-07T14:29:00.280

Modified: 2022-07-05T18:56:20.757

Link: CVE-2018-1000117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "dateAssigned": "2018-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-07T14:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/python/cpython/pull/5989"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.python.org/issue33001"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "DATE_ASSIGNED": "3/5/2018 11:30:13", "ID": "CVE-2018-1000117", "REQUESTER": "steve.dower@python.org", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/python/cpython/pull/5989", "refsource": "CONFIRM", "url": "https://github.com/python/cpython/pull/5989"}, {"name": "https://bugs.python.org/issue33001", "refsource": "CONFIRM", "url": "https://bugs.python.org/issue33001"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T12:33:49.262Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/python/cpython/pull/5989"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.python.org/issue33001"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-1000117", "datePublished": "2018-03-07T14:00:00Z", "dateReserved": "2018-03-07T00:00:00Z", "dateUpdated": "2024-09-17T01:37:10.621Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7B9CFAC-B5D1-4A16-A311-42487E31655D", "versionEndExcluding": "3.4.9", "versionStartIncluding": "3.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1AAA7FB-F42F-480D-9549-EF8543876AFA", "versionEndExcluding": "3.5.6", "versionStartIncluding": "3.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9862179-5DDB-4B35-A010-D6DEDCACAA5F", "versionEndExcluding": "3.6.5", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "6A7E7890-36B8-4259-AC7B-19FEADC23ADD", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "573E7CAE-9884-44F1-8A3A-54081DB63618", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "819DE67C-A7A6-46DE-A41F-7B7F805944A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "BE8DDDF3-2695-493C-A21F-691ECD91EE79", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "C45769F8-486F-4041-B059-7B0DD16F2E74", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5."}, {"lang": "es", "value": "Python Software Foundation CPython, desde la versi\u00f3n 3.2 hasta la 3.6.4 en Windows, contiene una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n os.symlink() de Windows que puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario y en un escalado de privilegios. El ataque parece ser explotable mediante un script de python que crea un symlink con un nombre o ubicaci\u00f3n controlado por un atacante. La vulnerabilidad parece haber sido solucionada en las versiones 3.7.0 y 3.6.5."}], "id": "CVE-2018-1000117", "lastModified": "2022-07-05T18:56:20.757", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-07T14:29:00.280", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugs.python.org/issue33001"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://github.com/python/cpython/pull/5989"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}]}