Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2008-5031
Last Modified 30 Oct 2012 11:06:35
Published 10 Nov 2008 11:15:12
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5031

Summary

Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315.

Vulnerable Systems

Application

  • Python 2.2.3

  • Python 2.3.7

  • Python 2.4.6

  • Python 2.5.1

  • Python 2.6


References

VUPEN - ADV-2009-3316

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

MLIST - [oss-security] 20081105 Re: CVE Request - Python string expandtabs

MLIST - [oss-security] 20081105 CVE Request - Python string expandtabs

CONFIRM - http://svn.python.org/view?rev=61350&view=rev

CONFIRM - http://svn.python.org/view/python/trunk/Objects/unicodeobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/unicodeobject.c&p2=/python/trunk/Objects/unicodeobject.c

CONFIRM - http://svn.python.org/view/python/trunk/Objects/stringobject.c?rev=61350&view=diff&r1=61350&r2=61349&p1=python/trunk/Objects/stringobject.c&p2=/python/trunk/Objects/stringobject.c

CONFIRM - http://support.apple.com/kb/HT3438

GENTOO - GLSA-200907-16

SECUNIA - 37471

SECUNIA - 35750

SECUNIA - 33937

MISC - http://scary.beasts.org/security/CESA-2008-008.html

APPLE - APPLE-SA-2009-02-12

XF - python-expandtabs-integer-overflow(46612)

Related Patches

Apple 2009-02-12 Security Update 2009-001 Server (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 (Tiger PPC)

Apple 2009-02-12 Security Update 2009-001 Server (Tiger Intel)

Apple 2009-02-12 Security Update 2009-001 (Tiger Intel)

Novell SUSE 2008:5837 python security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:49:46