Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2005-0089
Last Modified 21 Aug 2010 12:25:28
Published 02 May 2005 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0089

Summary

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

Vulnerable Systems

Application

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.4


References

CONFIRM - http://www.python.org/security/PSF-2005-001/

DEBIAN - DSA-666

CONFIRM - http://python.org/security/PSF-2005-001/patch-2.2.txt

BUGTRAQ - 20050203 Python Security Advisory PSF-2005-001 - SimpleXMLRPCServer.py

XF - python-simplexmlrpcserver-bypass(19217)

TRUSTIX - 2005-0003

REDHAT - RHSA-2005:108

BID - 12437

MANDRAKE - MDKSA-2005:035

SECTRACK - 1013083

SECUNIA - 14128


Last Updated: 27 May 2016 10:39:40