Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | New python2.2 packages really fix buffer overflow and restore functionality |
| Informations | |||
|---|---|---|---|
| Name | DSA-458 | First vendor Publication | 2004-03-09 |
| Vendor | Debian | Last vendor Modification | 2004-10-10 |
| Severity (Vendor) | N/A | Revision | 3 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This security advisory corrects DSA 458-2 which caused a problem in the gethostbyaddr routine. The original advisory said: Sebastian Schmidt discovered a buffer overflow bug in Python's getaddrinfo function, which could allow an IPv6 address, supplied by a remote attacker via DNS, to overwrite memory on the stack. This bug only exists in python 2.2 and 2.2.1, and only when IPv6 support is disabled. The python2.2 package in Debian woody meets these conditions (the 'python' package does not). For the stable distribution (woody), this bug has been fixed in version 2.2.1-4.6. The testing and unstable distribution (sid) are not affected by this problem. We recommend that you update your python2.2 packages. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-458 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-03 (Python) File : nvt/glsa_200409_03.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 458-1 (python2.2) File : nvt/deb_458_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 458-2 (python2.2) File : nvt/deb_458_2.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 458-3 (python2.2) File : nvt/deb_458_3.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 4172 | Python IPv6 DNS Address Response Handling Overflow A remote overflow exists in the getaddrinfo() function in Python. Python fails to handle an IPv6 DNS address, if IPv6 is not enabled, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to be executed on the vulnerable server. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-458.nasl - Type : ACT_GATHER_INFO |
| 2004-09-03 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200409-03.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-019.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:08 |
|
