Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 9.3
CVE Id CVE-2008-1887
Last Modified 30 Nov 2010 12:00:00
Published 18 Apr 2008 01:05:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1887

Summary

Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.

Vulnerable Systems

Application

  • Python Software Foundation Python 1.5.2

  • Python Software Foundation Python 1.6

  • Python Software Foundation Python 1.6.1

  • Python Software Foundation Python 2.0

  • Python Software Foundation Python 2.0.1

  • Python Software Foundation Python 2.1

  • Python Software Foundation Python 2.1.1

  • Python Software Foundation Python 2.1.2

  • Python Software Foundation Python 2.1.3

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.2.1

  • Python Software Foundation Python 2.2.2

  • Python Software Foundation Python 2.2.3

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.3.5

  • Python Software Foundation Python 2.3.6

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.4.1

  • Python Software Foundation Python 2.4.2

  • Python Software Foundation Python 2.4.3

  • Python Software Foundation Python 2.4.4

  • Python Software Foundation Python 2.5

  • Python Software Foundation Python 2.5 Alpha 1

  • Python Software Foundation Python 2.5 Alpha 2

  • Python Software Foundation Python 2.5 Beta 1

  • Python Software Foundation Python 2.5 Beta 2

  • Python Software Foundation Python 2.5 Beta 3

  • Python Software Foundation Python 2.5 Final

  • Python Software Foundation Python 2.5 Release Candidate 1

  • Python Software Foundation Python 2.5 Release Candidate 2

  • Python Software Foundation Python 2.5.1

  • Python Software Foundation Python 2.5.2


References

BID - 28749

DEBIAN - DSA-1620

DEBIAN - DSA-1551

XF - python-pystringfromstringandsize-bo(41944)

VUPEN - ADV-2009-3316

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-632-1

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20090824 rPSA-2009-0122-1 idle python

BUGTRAQ - 20080411 IOActive Security Advisory: Incorrect input validation in PyString_FromStringAndSize() leads to multiple buffer overflows

CONFIRM - http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0122

CONFIRM - http://support.apple.com/kb/HT3438

GENTOO - GLSA-200807-01

SECUNIA - 37471

SECUNIA - 33937

SECUNIA - 31687

SECUNIA - 31518

SECUNIA - 31365

SECUNIA - 31255

SECUNIA - 30872

SECUNIA - 29889

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2009-02-12

CONFIRM - http://bugs.python.org/issue2587

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5490 python security update for SLE 10 i586


Last Updated: 27 May 2016 10:47:41