Unrated severityNVD Advisory· Published Aug 27, 2012· Updated Jun 16, 2026
CVE-2011-4944
CVE-2011-4944
Description
Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a username and password by reading this file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
56cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:python:python:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.6150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.7:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.6.8:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2150:*:*:*:*:*:x64:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
- (no CPE)range: 2.6 to 3.2
- osv-coords27 versionspkg:rpm/opensuse/python310&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python312&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python313&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python314&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python315&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python36&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python38&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python39&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python3-base&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python3&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/python-base&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP1pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/python&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1
< 3.10.0rc1-4.2+ 26 more
- (no CPE)range: < 3.10.0rc1-4.2
- (no CPE)range: < 3.11.0b1-1.1
- (no CPE)range: < 3.12.0a7-1.1
- (no CPE)range: < 3.13.0~b3-1.1
- (no CPE)range: < 3.14.0~a1-1.1
- (no CPE)range: < 3.15.0~a1-1.1
- (no CPE)range: < 3.6.15-1.1
- (no CPE)range: < 3.8.12-1.2
- (no CPE)range: < 3.9.7-2.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 3.6.10-lp151.6.7.1
- (no CPE)range: < 2.7.12-1.4
- (no CPE)range: < 2.7.18-8.1
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 3.6.10-3.42.2
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.1
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
- (no CPE)range: < 2.7.17-7.32.2
Patches
Vulnerability mechanics
References
20- bugs.debian.org/cgi-bin/bugreport.cginvd
- bugs.python.org/file23824/pypirc-secure.diffnvd
- bugs.python.org/issue13512nvd
- lists.apple.com/archives/security-announce/2013/Oct/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlnvd
- secunia.com/advisories/50858nvd
- secunia.com/advisories/51024nvd
- secunia.com/advisories/51040nvd
- secunia.com/advisories/51087nvd
- secunia.com/advisories/51089nvd
- www.openwall.com/lists/oss-security/2012/03/27/10nvd
- www.openwall.com/lists/oss-security/2012/03/27/2nvd
- www.openwall.com/lists/oss-security/2012/03/27/5nvd
- www.ubuntu.com/usn/USN-1592-1nvd
- www.ubuntu.com/usn/USN-1596-1nvd
- www.ubuntu.com/usn/USN-1613-1nvd
- www.ubuntu.com/usn/USN-1613-2nvd
- www.ubuntu.com/usn/USN-1615-1nvd
- www.ubuntu.com/usn/USN-1616-1nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.