Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2315

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2315
Last Modified 07 Mar 2011 10:08:59
Published 01 Aug 2008 10:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2315

Summary

Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.

Vulnerable Systems

Application

  • Python Software Foundation Python 1.5.2

  • Python Software Foundation Python 1.6

  • Python Software Foundation Python 1.6.1

  • Python Software Foundation Python 2.0

  • Python Software Foundation Python 2.0.1

  • Python Software Foundation Python 2.1

  • Python Software Foundation Python 2.1.1

  • Python Software Foundation Python 2.1.2

  • Python Software Foundation Python 2.1.3

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.2.1

  • Python Software Foundation Python 2.2.2

  • Python Software Foundation Python 2.2.3

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.3.5

  • Python Software Foundation Python 2.3.6

  • Python Software Foundation Python 2.3.7

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.4.1

  • Python Software Foundation Python 2.4.2

  • Python Software Foundation Python 2.4.3

  • Python Software Foundation Python 2.4.4

  • Python Software Foundation Python 2.4.5

  • Python Software Foundation Python 2.5

  • Python Software Foundation Python 2.5.1

  • Python Software Foundation Python 2.5.2


References

XF - python-multiple-bo(44173)

XF - python-modules-bo(44172)

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-2288

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-632-1

BID - 30491

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

MLIST - [oss-security] 20081105 Re: CVE Request - Python string expandtabs

MLIST - [oss-security] 20081105 CVE Request - Python string expandtabs

CONFIRM - http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

MANDRIVA - MDVSA-2008:164

MANDRIVA - MDVSA-2008:163

DEBIAN - DSA-1667

CONFIRM - http://support.avaya.com/css/P8/documents/100074697

CONFIRM - http://support.apple.com/kb/HT3438

SLACKWARE - SSA:2008-217-01

GENTOO - GLSA-200807-16

SECUNIA - 38675

SECUNIA - 37471

SECUNIA - 33937

SECUNIA - 32793

SECUNIA - 31687

SECUNIA - 31518

SECUNIA - 31365

SECUNIA - 31358

SECUNIA - 31332

SECUNIA - 31305

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2009-02-12

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=230640

CONFIRM - http://bugs.gentoo.org/attachment.cgi?id=159418&action=view

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5490 python security update for SLE 10 i586


Last Updated: 27 May 2016 10:47:49