Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Vulnerability Description
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.
CVSS Information
N/A
Vulnerability Type
不安全的继承权限
Vulnerability Title
Conda-build 安全漏洞
Vulnerability Description
Conda-build是Conda开源的一个用于构建conda包的命令和工具。 Conda-build 25.3.1之前版本存在安全漏洞,该漏洞源于临时构建脚本conda_build.sh权限设置不当,可能导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A