Note: This is an archival copy of Security Sun Alert 201480 as previously published on
Latest version of this security advisory is available from as Sun Alert 1001107.1.
Article ID : 1001107.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-08-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Sun Linux 5.0 Python Creates Temporary Files Insecurely


Release Phase

Sun Cobalt Qube 3 Server
Sun Cobalt RaQ XTR Server
Sun Cobalt RaQ 4 Server
Sun Cobalt RaQ 550 Server

Bug Id

Date of Resolved Release


Unprivileged local users may be able to overwrite or create any file on the system if a root user runs Python.

For more information on this issue, see the following:

Red Hat Advisory RHSA-2002:202-35 located at:

CVE CAN-2002-1119 located at:

Note: Python is an interpreted, interactive, object-oriented programming language.

Contributing Factors

This issue can occur in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Python version 1.5.2-35 or earlier

Sun Cobalt Platform

  • Qube3 with Python version 1.5.2-14 or earlier
  • RaQ4 with Python version 1.5.2-13 or earlier
  • RaQXTR with Python version 1.5.2-13 or earlier
  • RaQ550 with BeOpen-Python version 2.0.1 or earlier

The file package version can be determined by running the following command:

    # rpm -qa | grep -i python


There are no predictable symptoms that would indicate the above described issue have been exploited.


Until patches can be applied, sites may wish to to remove executable and all other permissions from Python.

The following command can be used to remove the permissions:

    # chmod 000 /usr/bin/python /usr/bin/python1.5

The following command can be used to restore the permissions:

    # chmod 755 /usr/bin/python /usr/bin/python1.5


This issue is addressed in the following releases:

Sun Linux Platform

  • Sun Linux 5.0 with Python 1.5.2-43.72 or Python 2.1.1-3.72 or later

Sun Linux patches are available at:

Sun Cobalt Platform

Qube3, RaQ4, RaQXTR, and RaQ550 patches are available at:

Modification History
Date: 19-AUG-2003
  • Modified the Synopsis

Date: 29-AUG-2003
  • Updated Resolution section

This solution has no attachment