exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2022-42919

Status Candidate

Overview

Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9.

Related Files

Gentoo Linux Security Advisory 202305-02
Posted May 3, 2023
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202305-2 - Multiple vulnerabilities have been found in Python and PyPy, the worst of which could result in arbitrary code execution.

tags | advisory, arbitrary, vulnerability, code execution, python
systems | linux, gentoo
advisories | CVE-2015-20107, CVE-2021-28363, CVE-2021-28861, CVE-2021-29921, CVE-2021-3654, CVE-2022-0391, CVE-2022-37454, CVE-2022-42919, CVE-2022-45061
SHA-256 | 641b7206ae708be2456ced27dc11f8f77c8d01d6eb97ee4f516c3e6799b4e0ad
Download | Favorite | View
Red Hat Security Advisory 2022-8493-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8493-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-42919
SHA-256 | 830e84737049728164089fedffb46a7456defd19bcdcd6e15286d0fe9df4be79
Download | Favorite | View
Red Hat Security Advisory 2022-8492-01
Posted Nov 16, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-8492-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a privilege escalation vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2022-42919
SHA-256 | 6cf3a3fb83078828d12c9df5d5fe73dbfad72c496a535112ea92891acff4047d
Download | Favorite | View
Ubuntu Security Notice USN-5713-1
Posted Nov 4, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5713-1 - Devin Jeanpierre discovered that Python incorrectly handled sockets when the multiprocessing module was being used. A local attacker could possibly use this issue to execute arbitrary code and escalate privileges.

tags | advisory, arbitrary, local, python
systems | linux, ubuntu
advisories | CVE-2022-42919
SHA-256 | 519b87950edc14d86138f6d60cc3d5418b913135e7e909f8cc810d2a861e5aee
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close