MEDIUM🇵🇱 Wersja polska

CVE-2025-32797

CVSS 6.0v4.0pub. 2025-06-16upd. 2025-08-11

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem access can exploit a race condition to overwrite the script before execution, enabling arbitrary code execution under the victim's privileges. This risk is significant in shared environments, potentially leading to full system compromise. Even with non-static directory names, attackers can monitor parent directories for file creation events. The brief window between script creation (with insecure permissions) and execution allows rapid overwrites. Directory names can also be inferred via timestamps or logs, and automation enables exploitation even with semi-randomized paths by acting within milliseconds of detection. This issue has been patched in version 25.3.1. A workaround involves restricting conda_build.sh permissions from 0o766 to 0o700 (owner-only read/write/execute). Additionally, use atomic file creation (write to a temporary randomized filename and rename atomically) to minimize the race condition window.

CVSS Vector
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Anaconda Conda Build

    APP
    Anaconda
    < 25.3.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCERace Condition
CWE
References

Related vulnerabilities

CVE-2025-32798HIGH8.2ten sam produkt

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build reci...

CVE-2025-32800HIGH7.2ten sam produkt

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml l...

CVE-2025-32799MEDIUM5.6ten sam produkt

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build proc...

CVE-2021-42343CRITICAL9.8ten sam vendor

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clust...

CVE-2024-46060HIGH7.8ten sam vendor

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed ...