CVE-2018-1000117

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

CVSS v3 6.7 MEDIUM
CVSS v2.0 7.2 HIGH

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://bugs.python.org/issue33001	Issue Tracking Patch Third Party Advisory
https://github.com/python/cpython/pull/5989	Issue Tracking Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python::::::::
	cpe:2.3:a:python:python:3.7.0:beta1::::::
	cpe:2.3:a:python:python:3.7.0:beta2::::::
	cpe:2.3:a:python:python:3.7.0:beta3::::::
	cpe:2.3:a:python:python:3.7.0:beta4::::::
	cpe:2.3:a:python:python:3.7.0:beta5::::::

History

No history.

Information

Published : 2018-03-07 14:29

Updated : 2022-07-05 18:56

NVD link : CVE-2018-1000117

Mitre link : CVE-2018-1000117

CVE.ORG link : CVE-2018-1000117

JSON object : View

Products Affected

microsoft

windows

python

python

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

{"id": "CVE-2018-1000117", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2018-03-07T14:29:00.280", "references": [{"url": "https://bugs.python.org/issue33001", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/python/cpython/pull/5989", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5."}, {"lang": "es", "value": "Python Software Foundation CPython, desde la versi\u00f3n 3.2 hasta la 3.6.4 en Windows, contiene una vulnerabilidad de desbordamiento de b\u00fafer en la funci\u00f3n os.symlink() de Windows que puede resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario y en un escalado de privilegios. El ataque parece ser explotable mediante un script de python que crea un symlink con un nombre o ubicaci\u00f3n controlado por un atacante. La vulnerabilidad parece haber sido solucionada en las versiones 3.7.0 y 3.6.5."}], "lastModified": "2022-07-05T18:56:20.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7B9CFAC-B5D1-4A16-A311-42487E31655D", "versionEndExcluding": "3.4.9", "versionStartIncluding": "3.2.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1AAA7FB-F42F-480D-9549-EF8543876AFA", "versionEndExcluding": "3.5.6", "versionStartIncluding": "3.5.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9862179-5DDB-4B35-A010-D6DEDCACAA5F", "versionEndExcluding": "3.6.5", "versionStartIncluding": "3.6.0"}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A7E7890-36B8-4259-AC7B-19FEADC23ADD"}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "573E7CAE-9884-44F1-8A3A-54081DB63618"}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "819DE67C-A7A6-46DE-A41F-7B7F805944A3"}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BE8DDDF3-2695-493C-A21F-691ECD91EE79"}, {"criteria": "cpe:2.3:a:python:python:3.7.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C45769F8-486F-4041-B059-7B0DD16F2E74"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}