Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2008-1679
Last Modified 21 Aug 2010 01:19:02
Published 22 Apr 2008 12:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1679

Summary

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

Vulnerable Systems

Application

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.5.2


References

DEBIAN - DSA-1551

SECUNIA - 29889

UBUNTU - USN-632-1

CONFIRM - http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

MANDRIVA - MDVSA-2008:164

MANDRIVA - MDVSA-2008:163

DEBIAN - DSA-1620

CONFIRM - http://support.avaya.com/css/P8/documents/100074697

CONFIRM - http://support.apple.com/kb/HT3438

SLACKWARE - SSA:2008-217-01

GENTOO - GLSA-200807-01

SECUNIA - 38675

SECUNIA - 33937

SECUNIA - 31687

SECUNIA - 31518

SECUNIA - 31365

SECUNIA - 31358

SECUNIA - 31255

SECUNIA - 30872

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2009-02-12

MISC - http://bugs.python.org/msg64682

CONFIRM - http://bugs.python.org/issue1179

CONFIRM - https://issues.rpath.com/browse/RPL-2424

XF - python-imageopc-bo(41958)

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0149

SECUNIA - 29955

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5490 python security update for SLE 10 i586


Last Updated: 27 May 2016 10:47:37