Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2008-3144
Last Modified: 07 Mar 2011 10:10:16
Published: 01 Aug 2008 10:41:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3144

Summary

Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.

Vulnerable Systems

Application

  • Python Software Foundation Python 1.5.2

  • Python Software Foundation Python 1.6

  • Python Software Foundation Python 1.6.1

  • Python Software Foundation Python 2.0

  • Python Software Foundation Python 2.0.1

  • Python Software Foundation Python 2.1

  • Python Software Foundation Python 2.1.1

  • Python Software Foundation Python 2.1.2

  • Python Software Foundation Python 2.1.3

  • Python Software Foundation Python 2.2

  • Python Software Foundation Python 2.2.1

  • Python Software Foundation Python 2.2.2

  • Python Software Foundation Python 2.2.3

  • Python Software Foundation Python 2.3

  • Python Software Foundation Python 2.3.1

  • Python Software Foundation Python 2.3.2

  • Python Software Foundation Python 2.3.3

  • Python Software Foundation Python 2.3.4

  • Python Software Foundation Python 2.3.5

  • Python Software Foundation Python 2.3.6

  • Python Software Foundation Python 2.3.7

  • Python Software Foundation Python 2.4

  • Python Software Foundation Python 2.4.1

  • Python Software Foundation Python 2.4.2

  • Python Software Foundation Python 2.4.3

  • Python Software Foundation Python 2.4.4

  • Python Software Foundation Python 2.4.5

  • Python Software Foundation Python 2.5

  • Python Software Foundation Python 2.5.1

  • Python Software Foundation Python 2.5.2


References

XF - python-multiple-bo(44173)

XF - python-pyosvsnprintf-bo(44171)

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-2288

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

UBUNTU - USN-632-1

BID - 30491

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20080813 rPSA-2008-0243-1 idle python

CONFIRM - http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=InfoDocument-patchbuilder-readme5032900

MANDRIVA - MDVSA-2008:164

MANDRIVA - MDVSA-2008:163

DEBIAN - DSA-1667

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0243

CONFIRM - http://svn.python.org/view?rev=63883&view=rev

CONFIRM - http://svn.python.org/view?rev=63734&view=rev

CONFIRM - http://svn.python.org/view?rev=63728&view=rev

CONFIRM - http://support.apple.com/kb/HT3438

SLACKWARE - SSA:2008-217-01

GENTOO - GLSA-200807-16

SECUNIA - 37471

SECUNIA - 33937

SECUNIA - 32793

SECUNIA - 31687

SECUNIA - 31518

SECUNIA - 31473

SECUNIA - 31365

SECUNIA - 31358

SECUNIA - 31332

SECUNIA - 31305

SUSE - SUSE-SR:2008:017

APPLE - APPLE-SA-2009-02-12

CONFIRM - http://bugs.python.org/issue2589

CONFIRM - http://bugs.python.org/issue2588

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=232137

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5490 python security update for SLE 10 i586


Last Updated: 27 May 2016 10:48:05