Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-1150
Last Modified: 30 Oct 2013 11:23:46
Published: 05 Oct 2012 05:55:01
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1150

Summary

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Vulnerable Systems

Application

  • Python 0.9.0

  • Python 0.9.1

  • Python 1.2

  • Python 1.3

  • Python 1.5.2

  • Python 1.6

  • Python 1.6.1

  • Python 2.0

  • Python 2.0.1

  • Python 2.1

  • Python 2.1.1

  • Python 2.1.2

  • Python 2.1.3

  • Python 2.2

  • Python 2.2.1

  • Python 2.2.2

  • Python 2.2.3

  • Python 2.3

  • Python 2.3.1

  • Python 2.3.2

  • Python 2.3.3

  • Python 2.3.4

  • Python 2.3.5

  • Python 2.3.7

  • Python 2.4

  • Python 2.4.1

  • Python 2.4.2

  • Python 2.4.3

  • Python 2.4.4

  • Python 2.4.6

  • Python 2.5

  • Python 2.5.1

  • Python 2.5.150

  • Python 2.5.2

  • Python 2.5.3

  • Python 2.5.4

  • Python 2.5.6

  • Python 2.6

  • Python 2.6.1

  • Python 2.6.2

  • Python 2.6.2150

  • Python 2.6.3

  • Python 2.6.4

  • Python 2.6.5

  • Python 2.6.6

  • Python 2.6.6150

  • Python 2.6.7

  • Python 2.7

  • Python 2.7.1

  • Python 2.7.1150

  • Python 2.7.2

  • Python 2.7.2150

  • Python 3.0

  • Python 3.0.1

  • Python 3.1

  • Python 3.1.1

  • Python 3.1.2

  • Python 3.1.3

  • Python 3.1.4

  • Python 3.2

  • Python 3.2.2150


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=750555

MLIST - [oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)

CONFIRM - http://python.org/download/releases/3.2.3/

CONFIRM - http://python.org/download/releases/3.1.5/

CONFIRM - http://python.org/download/releases/2.7.3/

CONFIRM - http://python.org/download/releases/2.6.8/

MLIST - [python-dev] 20120128 plugging the hash attack

MLIST - [python-dev] 20111229 Hash collision security issue (now public)

CONFIRM - http://bugs.python.org/issue13703

UBUNTU - USN-1596-1

UBUNTU - USN-1615-1

UBUNTU - USN-1592-1

SECUNIA - 51089

UBUNTU - USN-1616-1

SECUNIA - 51087

SECUNIA - 50858

APPLE - APPLE-SA-2013-10-22-3

Related Patches

SUN143506-06 Solaris 10 SPARC: GNOME 2.6.0: Python patch (Rev 2)

SUN143507-06 Solaris 10 x86: GNOME 2.6.0: Python patch (Rev 2)

Red Hat 2012:0745-01 RHSA Moderate: python security update for RHEL 5 x86

Red Hat 2012:0745-01 RHSA Moderate: python security update for RHEL 5 x86_64

Novell SUSE 2012:6247 apache2-mod_python security update for SLES 11 SP1 i586

Novell SUSE 2012:6247 apache2-mod_python security update for SLES 11 SP1 x86_64

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 x86_64

Novell SUSE 2012:6310 python-randomisation-update security update for SLE 11 SP1 i586

Novell SUSE 2012:8080 python security update for SLE 10 SP4 x86_64

Novell SUSE 2012:8080 python security update for SLE 10 SP4 i586

Novell SUSE 2012:8127 apache2-mod_python security update for SLES 10 SP4 i586

Novell SUSE 2012:8127 apache2-mod_python security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 11:00:53