python-paste-script Root GID Files Arbitrary File Access Vulnerability

python-paste-script is prone to an arbitrary file-access vulnerability.

Remote attackers can exploit this issue to read or write to arbitrary files owned by root GID. This may lead to further attacks.

Note: To exploit this issue, web-applications using the affected python-paste-script must have a feature that allows users to handle local files on the server.


 

Privacy Statement
Copyright 2010, SecurityFocus