Vulnerability CVE-2012-5379

Vulnerability Name:

CVE-2012-5379 (CCN-79206)

Assigned:

2012-10-07

Published:

2012-10-07

Updated:

2012-10-11

Summary:

** DISPUTED ** Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.
Note: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation.
Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426 Untrusted Search Path'

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C)
4.9 Medium (Temporal CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.5 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: ActiveState Web site
ActiveState

Source: MITRE
Type: CNA
CVE-2012-5379

Source: CCN
Type: SA50939
ActivePython Insecure File System Permissions Security Issue

Source: CCN
Type: SA50960
Python Insecure File System Permissions Security Issue

Source: CCN
Type: OSVDB ID: 86178
Python on Windows Path Subversion Arbitrary DLL Injection Code Execution

Source: CCN
Type: BID-55882
Python Insecure File Permissions Vulnerability

Source: CCN
Type: BID-55884
ActivePython CVE-2012-5379 Insecure File Permissions Vulnerability

Source: XF
Type: UNKNOWN
activepython-dll-code-execution(79206)

Source: CCN
Type: HTB23108
Privilege Escalation Vulnerability in Microsoft Windows

Source: MISC
Type: Exploit
https://www.htbridge.com/advisory/HTB23108

Vulnerable Configuration:

Configuration 1:

cpe:/a:activestate:activepython:3.2.2.3:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:activestate:activepython:3.2.2.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK