Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-1912
Last Modified: 17 Aug 2015 09:59:30
Published: 28 Feb 2014 07:55:05
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-1912

Summary

Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string.

Vulnerable Systems

Application

  • Python 2.5

  • Python 2.5.1

  • Python 2.5.150

  • Python 2.5.2

  • Python 2.5.3

  • Python 2.5.4

  • Python 2.5.6

  • Python 2.6

  • Python 2.6.1

  • Python 2.6.2

  • Python 2.6.2150

  • Python 2.6.3

  • Python 2.6.4

  • Python 2.6.5

  • Python 2.6.6

  • Python 2.6.6150

  • Python 2.6.7

  • Python 2.6.8

  • Python 2.7

  • Python 2.7.1

  • Python 2.7.1150

  • Python 2.7.2

  • Python 2.7.2150

  • Python 2.7.3

  • Python 2.7.4

  • Python 2.7.5

  • Python 2.7.6

  • Python 3.0

  • Python 3.0.1

  • Python 3.1

  • Python 3.1.1

  • Python 3.1.2

  • Python 3.1.2150

  • Python 3.1.3

  • Python 3.1.4

  • Python 3.1.5

  • Python 3.2

  • Python 3.2.0

  • Python 3.2.1

  • Python 3.2.2

  • Python 3.2.2150

  • Python 3.2.3

  • Python 3.2.4

  • Python 3.2.5

  • Python 3.3

  • Python 3.3.0

  • Python 3.3.1

  • Python 3.3.2

  • Python 3.3.3

  • Python 3.4


References

MISC - https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/

SECTRACK - 1029831

MLIST - [oss-security] 20140212 Re: CVE request? buffer overflow in socket.recvfrom_into

EXPLOIT-DB - 31875

MISC - http://pastebin.com/raw.php?i=GHXSmNEg

CONFIRM - http://hg.python.org/cpython/rev/87673659d8f7

CONFIRM - http://bugs.python.org/issue20246

UBUNTU - USN-2125-1

DEBIAN - DSA-2880

SUSE - openSUSE-SU-2014:0597

CONFIRM - https://support.apple.com/kb/HT205031

APPLE - APPLE-SA-2015-08-13-2


Last Updated: 27 May 2016 11:04:31