Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.8
CVE Id: CVE-2007-4965
Last Modified: 07 Mar 2011 09:59:44
Published: 18 Sep 2007 06:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-4965

Summary

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Vulnerable Systems

Application

  • Python Software Foundation Python 1.5.2

  • Python Software Foundation Python 1.6

  • Python Software Foundation Python 1.6.1

  • Python Software Foundation Python 2.0

  • Python Software Foundation Python 2.0.1

  • Python Software Foundation Python 2.1

  • Python Software Foundation Python 2.1.1

  • Python Software Foundation Python 2.1.2

  • Python Software Foundation Python 2.1.3

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.2.1

  • Python Software Foundation Python 2.2.2

  • Python Software Foundation Python 2.2.3

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.3.5

  • Python Software Foundation Python 2.3.6

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.4.1

  • Python Software Foundation Python 2.4.2

  • Python Software Foundation Python 2.4.3

  • Python Software Foundation Python 2.4.4

  • Python Software Foundation Python 2.5

  • Python Software Foundation Python 2.5.1


References

CERT - TA07-352A

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-0637

VUPEN - ADV-2007-4238

VUPEN - ADV-2007-3201

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

BID - 25696

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

REDHAT - RHSA-2008:0629

DEBIAN - DSA-1620

CONFIRM - http://support.avaya.com/css/P8/documents/100074697

CONFIRM - http://support.apple.com/kb/HT3438

SECUNIA - 38675

SECUNIA - 37471

SECUNIA - 33937

SECUNIA - 31492

SECUNIA - 31255

FULLDISC - 20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module

APPLE - APPLE-SA-2009-02-12

FEDORA - FEDORA-2007-2663

CONFIRM - https://issues.rpath.com/browse/RPL-1885

XF - python-imageop-bo(36653)

UBUNTU - USN-585-1

BUGTRAQ - 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

BUGTRAQ - 20080212 FLEA-2008-0002-1 python

REDHAT - RHSA-2007:1076

MANDRIVA - MDVSA-2008:013

MANDRIVA - MDVSA-2008:012

GENTOO - GLSA-200711-07

DEBIAN - DSA-1551

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

SECUNIA - 29889

SECUNIA - 29303

SECUNIA - 29032

SECUNIA - 28838

SECUNIA - 28480

SECUNIA - 28136

SECUNIA - 27872

SECUNIA - 27562

SECUNIA - 27460

SECUNIA - 26837

MLIST - [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates

SUSE - SUSE-SR:2008:003

APPLE - APPLE-SA-2007-12-17

CONFIRM - http://docs.info.apple.com/article.html?artnum=307179

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=192876

Related Patches

Apple 2007-12-17 Security Update 2007-009 (10.4.11 PPC)

Apple 2007-12-17 Security Update 2007-009 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 PPC)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.5.1)

Apple 2007-12-21 Security Update 2007-009 1.1 (10.4.11 Universal)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:4902 python security update for SLE 10 SP1 i586


Last Updated: 27 May 2016 10:46:01