CVE-2015-1326 MEDIUM

CVE-2015-1326: python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp

Vendor Ubuntu

Product python-dbusmock

Published April 22, 2019

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

5.7/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

Description

python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.

Key dates

Disclosure timeline

April 22, 2019 CVE published

September 16, 2024 Record updated