
CVE-2014-1859:
Numpy arbitrary file write via symlink attack

CVSS Score: 5.5 (CVSS v3.0)

Basic Information

EPSS Score: 0.22579%
Published: 5/14/2022
Updated: 10/1/2024
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name: numpy
Ecosystem: pip
Vulnerable Versions: < 1.8.1
First Patched Version: 1.8.1

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from insecure use of tempfile.mktemp() across several of the affected files (mostly tests). mktemp() only returns a path that did not exist at the moment it checked; it creates nothing, so there is a window between that check and the caller's open() in which a local attacker who can predict the name can plant a symlink at it. When the code then opens the path for writing, the write follows the symlink and truncates or overwrites whatever file the attacker chose, with the privileges of the user running the tests or f2py. Exposure is therefore limited to hosts where an untrusted local user shares the temporary directory with that user, which matches the vector's AV:L/PR:L/I:H. The fixing commit replaces mktemp() with alternatives that create the file or directory atomically under an unpredictable name and hand back the open handle (e.g., NamedTemporaryFile, mkdtemp), which is what confirms the affected functions: each used mktemp() where a temporary file or directory was actually required, making it a direct vector for the symlink attack described in CVE-2014-1859.
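The race described above, shown as an added example written for this page rather than NumPy's own test code: the vulnerable mktemp()-then-open() pattern with the attacker's symlink planted in the window, beside the mkstemp()/O_EXCL pattern that the NamedTemporaryFile-based fix relies on. The file names and contents are constructed for the demonstration; the attacker step is called explicitly between the two victim steps so the race is deterministic.

```python
import os
import tempfile


def vulnerable_temp_path(tmpdir):
    """The pre-1.8.1 pattern: mktemp() returns a name that did not exist when it
    looked, but creates nothing, so the race window opens the moment it returns."""
    return tempfile.mktemp(dir=tmpdir)


def vulnerable_write(path, data):
    """The victim's second step: open(path, 'w') follows a symlink at `path`,
    truncating and writing whatever file the link points at."""
    with open(path, "w") as f:
        f.write(data)


def attacker_plant_symlink(path, target):
    """A local attacker who predicted `path` plants a symlink there in the window
    between mktemp() and open(); os.symlink() needs no rights on the target."""
    os.symlink(target, path)


def demo_symlink_attack():
    """Run the race deterministically (attacker step inserted between the two
    victim steps) and return the final contents of the attacker's chosen target."""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = os.path.join(tmpdir, "victim_owned_file")  # constructed stand-in
        with open(target, "w") as f:
            f.write("original contents")
        path = vulnerable_temp_path(tmpdir)
        attacker_plant_symlink(path, target)          # attacker wins the race
        vulnerable_write(path, "attacker-controlled contents")
        with open(target) as f:
            return f.read()


def safe_write_roundtrip(data):
    """The fixed pattern: mkstemp() (which NamedTemporaryFile wraps) creates the
    file atomically with O_CREAT|O_EXCL and mode 0o600 under an unpredictable
    name and hands back an open descriptor, so there is no name left to race."""
    with tempfile.TemporaryDirectory() as tmpdir:
        fd, path = tempfile.mkstemp(dir=tmpdir)
        with os.fdopen(fd, "w") as f:
            f.write(data)
        with open(path) as f:
            return f.read()


def excl_open_refuses_planted_symlink():
    """Even if an attacker guessed the name, the O_EXCL open that mkstemp() uses
    internally fails with EEXIST when a symlink already sits at the path
    (regardless of where it points) instead of following it."""
    with tempfile.TemporaryDirectory() as tmpdir:
        target = os.path.join(tmpdir, "victim_owned_file")  # constructed stand-in
        open(target, "w").close()
        planted = os.path.join(tmpdir, "guessed_name")       # constructed guess
        os.symlink(target, planted)
        try:
            fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            return True
        os.close(fd)
        return False


if __name__ == "__main__":
    print("target after race:", demo_symlink_attack())
    print("safe round trip:", safe_write_roundtrip("payload"))
    print("O_EXCL refused planted symlink:", excl_open_refuses_planted_symlink())
```

Run it on a POSIX host; the first line shows the attacker's string in the victim's file, the last shows the exclusive create refusing the planted link. Note that NamedTemporaryFile and mkstemp remove the race by never separating name generation from file creation; a mktemp() call followed by any check of the returned path (os.path.exists, os.path.islink) is still racy and should not be used as a fix.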


WAF Protection Rules

WAF Rule

(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file.
