Executive Summary
Summary | |
---|---|
Title | python security update |
Informations | |||
---|---|---|---|
Name | RHSA-2007:1077 | First vendor Publication | 2007-12-10 |
Vendor | RedHat | Last vendor Modification | 2007-12-10 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 3. Problem description: Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated, which could possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188 5. Bug IDs fixed (http://bugzilla.redhat.com/): 235093 - CVE-2007-2052 Off-by-one in python's locale.strxfrm() 383371 - CVE-2006-7228 pcre integer overflow |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2007-1077.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-193 | Off-by-one Error |
50 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10810 | |||
Oval ID: | oval:org.mitre.oval:def:10810 | ||
Title: | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | ||
Description: | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-7228 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11716 | |||
Oval ID: | oval:org.mitre.oval:def:11716 | ||
Title: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Description: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2052 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:8353 | |||
Oval ID: | oval:org.mitre.oval:def:8353 | ||
Title: | VMware python PyLocale_strxfrm function vulnerability | ||
Description: | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-2052 | Version: | 4 |
Platform(s): | VMWare ESX Server 3 VMWare ESX Server 3.5 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 | |
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for python CESA-2009:1176 centos5 i386 File : nvt/gb_CESA-2009_1176_python_centos5_i386.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5021454.nasl |
2009-10-10 | Name : SLES9: Security update for Python File : nvt/sles9p5015916.nasl |
2009-08-17 | Name : CentOS Security Advisory CESA-2009:1176 (python) File : nvt/ovcesa2009_1176.nasl |
2009-07-29 | Name : RedHat Security Advisory RHSA-2009:1176 File : nvt/RHSA_2009_1176.nasl |
2009-04-09 | Name : Mandriva Update for python MDKSA-2007:099 (python) File : nvt/gb_mandriva_MDKSA_2007_099.nasl |
2009-03-23 | Name : Ubuntu Update for python2.4/2.5 vulnerabilities USN-585-1 File : nvt/gb_ubuntu_USN_585_1.nasl |
2009-03-06 | Name : RedHat Update for python RHSA-2007:1076-02 File : nvt/gb_RHSA-2007_1076-02_python.nasl |
2009-03-06 | Name : RedHat Update for php RHSA-2008:0546-01 File : nvt/gb_RHSA-2008_0546-01_php.nasl |
2009-03-06 | Name : RedHat Update for python RHSA-2007:1077-01 File : nvt/gb_RHSA-2007_1077-01_python.nasl |
2009-03-06 | Name : RedHat Update for pcre RHSA-2007:1068-01 File : nvt/gb_RHSA-2007_1068-01_pcre.nasl |
2009-03-06 | Name : RedHat Update for pcre RHSA-2007:1065-01 File : nvt/gb_RHSA-2007_1065-01_pcre.nasl |
2009-03-06 | Name : RedHat Update for pcre RHSA-2007:1063-01 File : nvt/gb_RHSA-2007_1063-01_pcre.nasl |
2009-03-06 | Name : RedHat Update for pcre RHSA-2007:1059-01 File : nvt/gb_RHSA-2007_1059-01_pcre.nasl |
2009-02-27 | Name : CentOS Update for php CESA-2008:0546-01 centos2 i386 File : nvt/gb_CESA-2008_0546-01_php_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for pcre CESA-2007:1063 centos3 i386 File : nvt/gb_CESA-2007_1063_pcre_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for pcre CESA-2007:1063 centos3 x86_64 File : nvt/gb_CESA-2007_1063_pcre_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for pcre CESA-2007:1065-01 centos2 i386 File : nvt/gb_CESA-2007_1065-01_pcre_centos2_i386.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 i386 File : nvt/gb_CESA-2007_1076_python-docs_centos3_i386.nasl |
2009-02-27 | Name : CentOS Update for python-docs CESA-2007:1076 centos3 x86_64 File : nvt/gb_CESA-2007_1076_python-docs_centos3_x86_64.nasl |
2009-02-27 | Name : CentOS Update for python CESA-2007:1077-01 centos2 i386 File : nvt/gb_CESA-2007_1077-01_python_centos2_i386.nasl |
2009-01-28 | Name : SuSE Update for pcre SUSE-SA:2007:062 File : nvt/gb_suse_2007_062.nasl |
2009-01-23 | Name : SuSE Update for php4, php5 SUSE-SA:2008:004 File : nvt/gb_suse_2008_004.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-30 (libpcre) File : nvt/glsa_200711_30.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-02 (R) File : nvt/glsa_200801_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-18 (kazehakase) File : nvt/glsa_200801_18.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200801-19 (goffice) File : nvt/glsa_200801_19.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200802-10 (python) File : nvt/glsa_200802_10.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200805-11 (chicken) File : nvt/glsa_200805_11.nasl |
2008-08-15 | Name : Debian Security Advisory DSA 1620-1 (python2.5) File : nvt/deb_1620_1.nasl |
2008-05-12 | Name : Debian Security Advisory DSA 1570-1 (kazehakase) File : nvt/deb_1570_1.nasl |
2008-04-21 | Name : Debian Security Advisory DSA 1551-1 (python2.4) File : nvt/deb_1551_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
40754 | Perl-Compatible Regular Expression (PCRE) Crafted Regexp Parsing Overflow |
35247 | Python Modules/_localemodule.c PyLocale_strxfrm() Function Arbitrary Memory D... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0016_remote.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1068.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1063.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-1059.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1068.nasl - Type : ACT_GATHER_INFO |
2013-03-06 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071129_pcre_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090727_python_for_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071210_python_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071109_pcre_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0629.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0525.nasl - Type : ACT_GATHER_INFO |
2010-01-10 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0264.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-11-23 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2009-0016.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12049.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12013.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12000.nasl - Type : ACT_GATHER_INFO |
2009-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1176.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0007.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0003.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1063.nasl - Type : ACT_GATHER_INFO |
2008-07-28 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1620.nasl - Type : ACT_GATHER_INFO |
2008-07-16 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2008-0546.nasl - Type : ACT_GATHER_INFO |
2008-05-09 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1570.nasl - Type : ACT_GATHER_INFO |
2008-04-22 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1551.nasl - Type : ACT_GATHER_INFO |
2008-03-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-585-1.nasl - Type : ACT_GATHER_INFO |
2008-02-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200802-10.nasl - Type : ACT_GATHER_INFO |
2008-01-08 | Name : The remote openSUSE host is missing a security update. File : suse_apache2-mod_php5-4810.nasl - Type : ACT_GATHER_INFO |
2007-12-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_apache2-mod_php5-4808.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_python-3750.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-1076.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1077.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1068.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1059.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1063.nasl - Type : ACT_GATHER_INFO |
2007-11-30 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-1065.nasl - Type : ACT_GATHER_INFO |
2007-11-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-30.nasl - Type : ACT_GATHER_INFO |
2007-11-09 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-212.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-3478.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_python-3749.nasl - Type : ACT_GATHER_INFO |
2007-05-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-099.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:51:15 |
|