Executive Summary
Summary | |
---|---|
Title | python security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1177 | First vendor Publication | 2009-07-27 |
Vendor | RedHat | Last vendor Modification | 2009-07-27 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter's privileges. (CVE-2008-1887) Multiple buffer and integer overflow flaws were found in the Python Unicode string processing and in the Python Unicode and string object implementations. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-3142, CVE-2008-5031) Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1679, CVE-2008-4864) Multiple integer underflow and overflow flaws were found in the Python snprintf() wrapper implementation. An attacker could use these flaws to cause a denial of service (memory corruption). (CVE-2008-3144) Multiple integer overflow flaws were found in various Python modules. An attacker could use these flaws to cause a denial of service (Python application crash). (CVE-2008-2315, CVE-2008-3143) An integer signedness error, leading to a buffer overflow, was found in the Python zlib extension module. If a Python application requested the negative byte count be flushed for a decompression stream, it could cause the application to crash or, potentially, execute arbitrary code with the Python interpreter's privileges. (CVE-2008-1721) Red Hat would like to thank David Remahl of the Apple Product Security team for responsibly reporting the CVE-2008-1679 and CVE-2008-2315 issues. All Python users should upgrade to these updated packages, which contain backported patches to correct these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 441306 - CVE-2008-1679 python: imageop module integer overflows 442005 - CVE-2008-1721 python: integer signedness error in the zlib extension module 443810 - CVE-2008-1887 python: PyString_FromStringAndSize does not check for negative size values 454990 - CVE-2008-3142 python: Multiple buffer overflows in unicode processing 455008 - CVE-2008-2315 python: Multiple integer overflows in python core 455013 - CVE-2008-3143 python: Multiple integer overflows discovered by Google 455018 - CVE-2008-3144 python: Potential integer underflow and overflow in the PyOS_vsnprintf C API function 469656 - CVE-2008-4864 python: imageop module multiple integer overflows 470915 - CVE-2008-5031 python: stringobject, unicodeobject integer overflows |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1177.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
56 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
22 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
11 % | CWE-681 | Incorrect Conversion between Numeric Types |
11 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10170 | |||
Oval ID: | oval:org.mitre.oval:def:10170 | ||
Title: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10407 | |||
Oval ID: | oval:org.mitre.oval:def:10407 | ||
Title: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Description: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1887 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10583 | |||
Oval ID: | oval:org.mitre.oval:def:10583 | ||
Title: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Description: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1679 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:10702 | |||
Oval ID: | oval:org.mitre.oval:def:10702 | ||
Title: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Description: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4864 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11280 | |||
Oval ID: | oval:org.mitre.oval:def:11280 | ||
Title: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5031 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11466 | |||
Oval ID: | oval:org.mitre.oval:def:11466 | ||
Title: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13081 | |||
Oval ID: | oval:org.mitre.oval:def:13081 | ||
Title: | USN-806-1 -- python2.4, python2.5 vulnerabilities | ||
Description: | It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. Multiple integer overflows were discovered in Python�s stringobject and unicodeobject expandtabs method. If an attacker were able to exploit these flaws they could execute arbitrary code with user privileges or cause Python applications to crash, leading to a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-806-1 CVE-2008-4864 CVE-2008-5031 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 6.06 Ubuntu 8.10 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:17381 | |||
Oval ID: | oval:org.mitre.oval:def:17381 | ||
Title: | USN-632-1 -- python2.4, python2.5 vulnerabilities | ||
Description: | It was discovered that there were new integer overflows in the imageop module. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-632-1 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 7 |
Platform(s): | Ubuntu 6.06 Ubuntu 7.04 Ubuntu 7.10 Ubuntu 8.04 | Product(s): | python2.4 python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18481 | |||
Oval ID: | oval:org.mitre.oval:def:18481 | ||
Title: | DSA-1551-1 python2.4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1551-1 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 7 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:19316 | |||
Oval ID: | oval:org.mitre.oval:def:19316 | ||
Title: | DSA-1667-1 python2.4 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667-1 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20188 | |||
Oval ID: | oval:org.mitre.oval:def:20188 | ||
Title: | DSA-1620-1 python2.5 - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1620-1 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.5 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22809 | |||
Oval ID: | oval:org.mitre.oval:def:22809 | ||
Title: | ELSA-2009:1176: python security update (Moderate) | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1176-01 CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 | Version: | 45 |
Platform(s): | Oracle Linux 5 | Product(s): | python |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:29294 | |||
Oval ID: | oval:org.mitre.oval:def:29294 | ||
Title: | RHSA-2009:1176 -- python security update (Moderate) | ||
Description: | Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1176 CESA-2009:1176-CentOS 5 CVE-2007-2052 CVE-2007-4965 CVE-2008-1721 CVE-2008-1887 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 CVE-2008-4864 CVE-2008-5031 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | python |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7720 | |||
Oval ID: | oval:org.mitre.oval:def:7720 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7725 | |||
Oval ID: | oval:org.mitre.oval:def:7725 | ||
Title: | VMware python multiple integer overflows vulnerability in the PyOS_vsnprintf function | ||
Description: | Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3144 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7800 | |||
Oval ID: | oval:org.mitre.oval:def:7800 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1679 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7901 | |||
Oval ID: | oval:org.mitre.oval:def:7901 | ||
Title: | DSA-1667 python2.4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, stropmodule, gcmodule, and mmapmodule modules. Justin Ferguson discovered that incorrect memory allocation in the unicode_resize() function can lead to buffer overflows. Several integer overflows were discovered in various Python core modules. Several integer overflows were discovered in the PyOS_vsnprintf() function. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1667 CVE-2008-2315 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:7981 | |||
Oval ID: | oval:org.mitre.oval:def:7981 | ||
Title: | DSA-1620 python2.5 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1620 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.5 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8152 | |||
Oval ID: | oval:org.mitre.oval:def:8152 | ||
Title: | DSA-1551 python2.4 -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1551 CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887 | Version: | 3 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | python2.4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8249 | |||
Oval ID: | oval:org.mitre.oval:def:8249 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8354 | |||
Oval ID: | oval:org.mitre.oval:def:8354 | ||
Title: | VMware python multiple integer overflows vulnerability in the imageop module | ||
Description: | Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-4864 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8422 | |||
Oval ID: | oval:org.mitre.oval:def:8422 | ||
Title: | VMware python multiple buffer overflows vulnerability | ||
Description: | Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3142 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8445 | |||
Oval ID: | oval:org.mitre.oval:def:8445 | ||
Title: | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 1 |
Platform(s): | Sun Solaris 10 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8494 | |||
Oval ID: | oval:org.mitre.oval:def:8494 | ||
Title: | VMware python zlib extension module vulnerability | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8564 | |||
Oval ID: | oval:org.mitre.oval:def:8564 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-5031 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8624 | |||
Oval ID: | oval:org.mitre.oval:def:8624 | ||
Title: | VMware python PyString_FromStringAndSize function vulnerability | ||
Description: | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1887 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8683 | |||
Oval ID: | oval:org.mitre.oval:def:8683 | ||
Title: | VMware python multiple integer overflows vulnerability | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8996 | |||
Oval ID: | oval:org.mitre.oval:def:8996 | ||
Title: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Description: | Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-3143 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9407 | |||
Oval ID: | oval:org.mitre.oval:def:9407 | ||
Title: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Description: | Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-1721 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9761 | |||
Oval ID: | oval:org.mitre.oval:def:9761 | ||
Title: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Description: | Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2008-2315 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-11-24 | Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for python CESA-2009:1176 centos5 i386 File : nvt/gb_CESA-2009_1176_python_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for python CESA-2009:1178 centos3 i386 File : nvt/gb_CESA-2009_1178_python_centos3_i386.nasl |
2010-11-16 | Name : Mandriva Update for python MDVSA-2010:215 (python) File : nvt/gb_mandriva_MDVSA_2010_215.nasl |
2010-07-16 | Name : Mandriva Update for python MDVSA-2010:132 (python) File : nvt/gb_mandriva_MDVSA_2010_132.nasl |
2010-05-12 | Name : Mac OS X Security Update 2009-001 File : nvt/macosx_secupd_2009-001.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python0.nasl |
2009-10-13 | Name : SLES10: Security update for Python File : nvt/sles10_python.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5040780.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5032900.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1176 (python) File : nvt/ovcesa2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1177 File : nvt/RHSA_2009_1177.nasl |
2009-07-29 | Name : Ubuntu USN-806-1 (python2.5) File : nvt/ubuntu_806_1.nasl |
2009-07-29 | Name : CentOS Security Advisory CESA-2009:1178 (python) File : nvt/ovcesa2009_1178.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-16 (python) File : nvt/glsa_200907_16.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1176 File : nvt/RHSA_2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1178 File : nvt/RHSA_2009_1178.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:163 (python) File : nvt/gb_mandriva_MDVSA_2008_163.nasl |
2009-04-09 | Name : Mandriva Update for python MDVSA-2008:085 (python) File : nvt/gb_mandriva_MDVSA_2008_085.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4, python2.5 vulnerabilities USN-632-1 File : nvt/gb_ubuntu_USN_632_1.nasl |
2009-02-13 | Name : Mandrake Security Advisory MDVSA-2009:036 (python) File : nvt/mdksa_2009_036.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 10.3) File : nvt/suse_sr_2009_001b.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.0) File : nvt/suse_sr_2009_001a.nasl |
2009-01-20 | Name : SuSE Security Summary SUSE-SR:2009:001 (OpenSuSE 11.1) File : nvt/suse_sr_2009_001.nasl |
2009-01-13 | Name : Mandrake Security Advisory MDVSA-2009:003 (python) File : nvt/mdksa_2009_003.nasl |
2008-11-24 | Name : Debian Security Advisory DSA 1667-1 (python2.4) File : nvt/deb_1667_1.nasl |
2008-11-14 | Name : Python Multiple Integer Overflow Vulnerabilities (Win) File : nvt/gb_python_intgr_overflow_vuln_win.nasl |
2008-11-11 | Name : Python Imageop Module imageop.crop() BOF Vulnerability (Win) File : nvt/gb_python_imageop_bof_vuln_win.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-16 (python) File : nvt/glsa_200807_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200807-01 (python) File : nvt/glsa_200807_01.nasl |
2008-09-17 | Name : FreeBSD Ports: python24 File : nvt/freebsd_python24.nasl |
2008-09-04 | Name : FreeBSD Ports: python23 File : nvt/freebsd_python23.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Linux) File : nvt/secpod_python_mult_vuln_lin_900106.nasl |
2008-08-22 | Name : Python Multiple Vulnerabilities (Win) File : nvt/secpod_python_mult_vuln_win_900105.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1620-1 (python2.5) File : nvt/deb_1620_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1551-1 (python2.4) File : nvt/deb_1551_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2008-217-01 python File : nvt/esoft_slk_ssa_2008_217_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50097 | Python imageop Module imageop.c crop Function Multiple Overflows An integer overflow exists in python. Python fails to validate input in imageop.c of the imageop module which results in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
50096 | Python Overflow Python/ Multiple Files Unspecified Overflow |
50095 | Python Overflow Parser/node.c Unspecified Overflow |
50094 | Python Overflow Objects/ Multiple Files Unspecified Overflow |
50093 | Python Overflow Modules/ Multiple Files Unspecified Overflow |
50092 | Python Overflow Include/pymem.h Unspecified Overflow |
47481 | Python mysnprintf.c PyOS_vsnprintf Function Multiple Overflows Python contains a flaw that may allow a denial of service. The issue is triggered by an integer overflow in the PyOS_vsnprintf function in Python/mysnprintf.c, and will result in loss of availability for the affected process. |
47480 | Python PyMem_RESIZE Macro unicode_resize Function Unicode String Handling Mul... |
47478 | Python Multiple Modules Multiple Unspecified Overflows |
44730 | Python PyString_FromStringAndSize Function Memory Allocation Overflow |
44693 | Python zlib Extension Module Signed Integer Handling Arbitrary Remote Code Ex... An overflow exists in python. Python fails to validate input resulting in a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
44463 | Python imageop.c Crafted Images Multiple Overflows |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_python_20130313.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090728_python_for_SL_3_0_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090727_python_for_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-11-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-215.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-132.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-5837.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12316.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12215.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1178.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1177.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-07-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-806-1.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_python-080801.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_python-081201.nasl - Type : ACT_GATHER_INFO |
2009-07-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-16.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-003.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-163.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-085.nasl - Type : ACT_GATHER_INFO |
2009-02-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2009-001.nasl - Type : ACT_GATHER_INFO |
2009-01-11 | Name : The remote openSUSE host is missing a security update. File : suse_python-5848.nasl - Type : ACT_GATHER_INFO |
2008-11-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1667.nasl - Type : ACT_GATHER_INFO |
2008-09-11 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_0dccaa287f3c11dd8de50030843d3802.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-5490.nasl - Type : ACT_GATHER_INFO |
2008-08-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-5491.nasl - Type : ACT_GATHER_INFO |
2008-08-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2008-217-01.nasl - Type : ACT_GATHER_INFO |
2008-08-04 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-632-1.nasl - Type : ACT_GATHER_INFO |
2008-08-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-16.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1620.nasl - Type : ACT_GATHER_INFO |
2008-07-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200807-01.nasl - Type : ACT_GATHER_INFO |
2008-04-28 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ec41c3e2129c11ddbab70016179b2dd5.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1551.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:42 |
|