Vulnerabilities > CVE-2007-2052 - Off-by-one Error vulnerability in Python 2.4.0/2.5.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability. CVE-2007-2052 . Remote exploit for linux platform |
| id | EDB-ID:30018 |
| last seen | 2016-02-03 |
| modified | 2007-05-08 |
| published | 2007-05-08 |
| reporter | Piotr Engelking |
| source | https://www.exploit-db.com/download/30018/ |
| title | Python 2.5 PyLocale_strxfrm Function Remote Information Leak Vulnerability |
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-1076.NASL description From Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 67614 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67614 title Oracle Linux 3 / 4 : python (ELSA-2007-1076) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:1076 and # Oracle Linux Security Advisory ELSA-2007-1076 respectively. # include("compat.inc"); if (description) { script_id(67614); script_version("1.8"); script_cvs_date("Date: 2019/10/25 13:36:07"); script_cve_id("CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965"); script_bugtraq_id(25696, 26462); script_xref(name:"RHSA", value:"2007:1076"); script_name(english:"Oracle Linux 3 / 4 : python (ELSA-2007-1076)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2007:1076 : Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python's pcre module handled certain regular expressions. If a Python application used the pcre module to compile and execute untrusted regular expressions, it may be possible to cause the application to crash, or allow arbitrary code execution with the privileges of the Python interpreter. (CVE-2006-7228) A flaw was discovered in the strxfrm() function of Python's locale module. Strings generated by this function were not properly NULL-terminated. This may possibly cause disclosure of data stored in the memory of a Python application using this function. (CVE-2007-2052) Multiple integer overflow flaws were discovered in Python's imageop module. If an application written in Python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the Python interpreter. (CVE-2007-4965) Users of Python are advised to upgrade to these updated packages, which contain backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000441.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2007-December/000443.html" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-tools"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:tkinter"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/16"); script_set_attribute(attribute:"patch_publication_date", value:"2007/12/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-devel-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-devel-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"python-tools-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"python-tools-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"tkinter-2.2.3-6.8")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"tkinter-2.2.3-6.8")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-devel-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-docs-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"python-tools-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"i386", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++; if (rpm_check(release:"EL4", cpu:"x86_64", reference:"tkinter-2.3.4-14.4.el4_6.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python / python-devel / python-docs / python-tools / tkinter"); }NASL family SuSE Local Security Checks NASL id SUSE_PYTHON-3749.NASL description This update fixes an off-by-one error in the PyLocale_strxfrm() function which can lead to a memory leak. (CVE-2007-2052) last seen 2020-06-01 modified 2020-06-02 plugin id 27408 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27408 title openSUSE 10 Security Update : python (python-3749) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update python-3749. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27408); script_version ("1.13"); script_cvs_date("Date: 2019/10/25 13:36:30"); script_cve_id("CVE-2007-2052"); script_name(english:"openSUSE 10 Security Update : python (python-3749)"); script_summary(english:"Check for the python-3749 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes an off-by-one error in the PyLocale_strxfrm() function which can lead to a memory leak. (CVE-2007-2052)" ); script_set_attribute( attribute:"solution", value:"Update the affected python packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:python-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"python-2.4.2-18.10") ) flag++; if ( rpm_check(release:"SUSE10.1", reference:"python-devel-2.4.2-18.10") ) flag++; if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"python-32bit-2.4.2-18.10") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0264.NASL description Red Hat Network Satellite Server version 5.0.2 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Two denial-of-service flaws were fixed in ZLib. (CVE-2005-2096, CVE-2005-1849) Multiple flaws were fixed in OpenSSL. (CVE-2006-4343, CVE-2006-4339, CVE-2006-3738, CVE-2006-2940, CVE-2006-2937, CVE-2005-2969) Multiple flaws were fixed in Python. (CVE-2007-4965, CVE-2007-2052, CVE-2006-4980, CVE-2006-1542) Users of Red Hat Network Satellite Server 5.0.1 are advised to upgrade to 5.0.2, which resolves these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 43836 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43836 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0264) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1176.NASL description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter last seen 2020-06-01 modified 2020-06-02 plugin id 40400 published 2009-07-28 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/40400 title RHEL 5 : python (RHSA-2009:1176) NASL family SuSE Local Security Checks NASL id SUSE_PYTHON-3478.NASL description This update fixes an off-by-one error in the PyLocale_strxfrm() function which can lead to a memory leak. (CVE-2007-2052) last seen 2020-06-01 modified 2020-06-02 plugin id 27407 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27407 title openSUSE 10 Security Update : python (python-3478) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1176.NASL description Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter last seen 2020-06-01 modified 2020-06-02 plugin id 43771 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43771 title CentOS 5 : python (CESA-2009:1176) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1176.NASL description From Red Hat Security Advisory 2009:1176 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter last seen 2020-06-01 modified 2020-06-02 plugin id 67896 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67896 title Oracle Linux 5 : python (ELSA-2009-1176) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2008-0003.NASL description I Updated ESX driver a. Updated aacraid driver This patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the Service Console to cause a denial of service or gain privileges. Thanks to Adaptec for reporting this issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-4308 to this issue. II Service Console package security updates a. Samba Alin Rad Pop of Secunia Research found a stack-based buffer overflow flaw in the way Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server. Note: This vulnerability can be exploited only if the attacker has access to the Service Console network. The Samba client is installed by default in the Service Console, but the Samba server is not. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2007-6015 to this issue. b. Python Chris Evans of the Google security research team discovered an integer overflow issue with the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 40374 published 2009-07-27 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40374 title VMSA-2008-0003 : Moderate: Updated aacraid driver and samba and python Service Console updates NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1620.NASL description Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 33740 published 2008-07-28 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/33740 title Debian DSA-1620-1 : python2.5 - several vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20090727_PYTHON_FOR_SL5_X.NASL description When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter last seen 2020-06-01 modified 2020-06-02 plugin id 60622 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60622 title Scientific Linux Security Update : python for SL5.x i386/x86_64 NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-1076.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29255 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29255 title CentOS 3 / 4 : python (CESA-2007:1076) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-585-1.NASL description Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer. This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script. (CVE-2007-2052) A flaw was discovered in the Python imageop module. If a script using the module could be tricked into processing a specially crafted set of arguments, a remote attacker could execute arbitrary code, or cause the application to crash. (CVE-2007-4965). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 31461 published 2008-03-13 reporter Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31461 title Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : python2.4/2.5 vulnerabilities (USN-585-1) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-099.NASL description An off-by-one error was discovered in the PyLocale_strxfrm function in Python 2.4 and 2.5 that could allow context-dependent attackers the ability to read portions of memory via special manipulations that trigger a buffer over-read due to missing null termination. The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 25190 published 2007-05-10 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25190 title Mandrake Linux Security Advisory : python (MDKSA-2007:099) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1551.NASL description Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a minor information disclosure. - CVE-2007-4965 It was discovered that several integer overflows in the imageop module may lead to the execution of arbitrary code, if a user is tricked into processing malformed images. This issue is also tracked as CVE-2008-1679 due to an initially incomplete patch. - CVE-2008-1721 Justin Ferguson discovered that a buffer overflow in the zlib module may lead to the execution of arbitrary code. - CVE-2008-1887 Justin Ferguson discovered that insufficient input validation in PyString_FromStringAndSize() may lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 32006 published 2008-04-22 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/32006 title Debian DSA-1551-1 : python2.4 - several vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0525.NASL description Red Hat Network Satellite Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in various components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib was discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-2096). An attacker could create a carefully crafted compressed stream that would cause an application to crash if the stream is opened by a user. (CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 is used it may be possible for an attacker to forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around could allow an attacker, acting as a last seen 2020-06-01 modified 2020-06-02 plugin id 43838 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43838 title RHEL 3 / 4 : Solaris client in Satellite Server (RHSA-2008:0525) NASL family SuSE Local Security Checks NASL id SUSE_SU-2020-0234-1.NASL description This update for python fixes the following issues : Updated to version 2.7.17 to unify packages among openSUSE:Factory and SLE versions (bsc#1159035). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 133259 published 2020-01-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133259 title SUSE SLED15 / SLES15 Security Update : python (SUSE-SU-2020:0234-1) (BEAST) (httpoxy) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2009-0016.NASL description a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer last seen 2020-06-01 modified 2020-06-02 plugin id 42870 published 2009-11-23 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42870 title VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components. NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1077.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29302 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29302 title RHEL 2.1 : python (RHSA-2007:1077) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-1076.NASL description Updated python packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 29301 published 2007-12-11 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/29301 title RHEL 3 / 4 : python (RHSA-2007:1076) NASL family SuSE Local Security Checks NASL id SUSE_PYTHON-3750.NASL description This update fixes an off-by-one error in the PyLocale_strxfrm() function which can lead to a memory leak. (CVE-2007-2052) last seen 2020-06-01 modified 2020-06-02 plugin id 29560 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29560 title SuSE 10 Security Update : python (ZYPP Patch Number 3750) NASL family Misc. NASL id VMWARE_VMSA-2009-0016_REMOTE.NASL description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start last seen 2020-06-01 modified 2020-06-02 plugin id 89117 published 2016-03-03 reporter This script is Copyright (C) 2016-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/89117 title VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2008-0629.NASL description Red Hat Network Satellite Server version 5.1.1 is now available. This update includes fixes for a number of security issues in Red Hat Network Satellite Server Solaris client components. This update has been rated as having moderate security impact by the Red Hat Security Response Team. This release corrects several security vulnerabilities in components shipped as part of the Red Hat Network Satellite Server Solaris client. In a typical operating environment, these components are not used by the Satellite Server in a vulnerable manner. These security updates will reduce risk should these components be used by other applications. Several flaws in Zlib were discovered. An attacker could create a carefully-crafted compressed stream that would cause an application to crash if the stream was opened by a user. (CVE-2005-2096, CVE-2005-1849) A buffer overflow was discovered in the OpenSSL SSL_get_shared_ciphers() utility function. An attacker could send a list of ciphers to an application that used this function and overrun a buffer (CVE-2006-3738). A flaw in the SSLv2 client code was discovered. If a client application used OpenSSL to create an SSLv2 connection to a malicious server, that server could cause the client to crash. (CVE-2006-4343) An attack on OpenSSL PKCS #1 v1.5 signatures was discovered. Where an RSA key with exponent 3 was used an attacker could, potentially, forge a PKCS #1 v1.5 signature that would be incorrectly verified by implementations that do not check for excess data in the RSA exponentiation result of the signature. This issue affected applications that use OpenSSL to verify X.509 certificates as well as other uses of PKCS #1 v1.5. (CVE-2006-4339) OpenSSL contained a software work-around for a bug in SSL handling in Microsoft Internet Explorer version 3.0.2. It is enabled in most servers that use OpenSSL to provide support for SSL and TLS. This work-around was vulnerable to a man-in-the-middle attack which allowed a remote user to force an SSL connection to use SSL 2.0, rather than a stronger protocol, such as SSL 3.0 or TLS 1.0. (CVE-2005-2969) During OpenSSL parsing of certain invalid ASN.1 structures, an error condition was mishandled. This could result in an infinite loop which consumed system memory (CVE-2006-2937). Certain public key types could take disproportionate amounts of time to process in OpenSSL, leading to a denial of service. (CVE-2006-2940) A flaw was discovered in the Python repr() function last seen 2020-06-01 modified 2020-06-02 plugin id 43839 published 2010-01-10 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43839 title RHEL 4 : Solaris client in Satellite Server (RHSA-2008:0629) NASL family Scientific Linux Local Security Checks NASL id SL_20071210_PYTHON_ON_SL4_X.NASL description An integer overflow flaw was discovered in the way Python last seen 2020-06-01 modified 2020-06-02 plugin id 60327 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60327 title Scientific Linux Security Update : python on SL4.x, SL3.x i386/x86_64
Oval
accepted 2013-04-29T04:15:27.797-04:00 class vulnerability contributors name Aharon Chernin organization SCAP.com, LLC name Dragos Prisaca organization G2, Inc.
definition_extensions comment The operating system installed on the system is Red Hat Enterprise Linux 3 oval oval:org.mitre.oval:def:11782 comment CentOS Linux 3.x oval oval:org.mitre.oval:def:16651 comment The operating system installed on the system is Red Hat Enterprise Linux 4 oval oval:org.mitre.oval:def:11831 comment CentOS Linux 4.x oval oval:org.mitre.oval:def:16636 comment Oracle Linux 4.x oval oval:org.mitre.oval:def:15990 comment The operating system installed on the system is Red Hat Enterprise Linux 5 oval oval:org.mitre.oval:def:11414 comment The operating system installed on the system is CentOS Linux 5.x oval oval:org.mitre.oval:def:15802 comment Oracle Linux 5.x oval oval:org.mitre.oval:def:15459
description Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. family unix id oval:org.mitre.oval:def:11716 status accepted submitted 2010-07-09T03:56:16-04:00 title Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. version 27 accepted 2014-01-20T04:01:38.578-05:00 class vulnerability contributors name Pai Peng organization Hewlett-Packard name Chris Coffin organization The MITRE Corporation
definition_extensions comment VMWare ESX Server 3.0.3 is installed oval oval:org.mitre.oval:def:6026 comment VMware ESX Server 3.5.0 is installed oval oval:org.mitre.oval:def:5887 comment VMware ESX Server 4.0 is installed oval oval:org.mitre.oval:def:6293
description Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. family unix id oval:org.mitre.oval:def:8353 status accepted submitted 2010-03-19T16:57:59.000-04:00 title VMware python PyLocale_strxfrm function vulnerability version 7
Redhat
| advisories |
| ||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 23887 CVE(CAN) ID: CVE-2007-2052 Python是一种开放源代码的脚本编程语言。 Python的Modules/_localemodule.c文件中的PyLocale_strxfrm函数中存在单字节溢出漏洞,允许攻击者读取部分内存内容。 Modules/_localemodule.c:361 356 n1 = strlen(s) + 1; 357 buf = PyMem_Malloc(n1); 358 if (!buf) 359 return PyErr_NoMemory(); 360 n2 = strxfrm(buf, s, n1); 如果所转换的字符串长于原始字符串的话: 361 if (n2 > n1) { 362 /* more space needed */ 在这里会分配n2字节: 363 buf = PyMem_Realloc(buf, n2); 364 if (!buf) 365 return PyErr_NoMemory(); 字符串会为n2字符长,终止的空字符不适合这个长度,因此字符串不会终止,在某些情况下可能导致信息泄露。 366 strxfrm(buf, s, n2); 367 } 368 result = PyString_FromString(buf); 369 PyMem_Free(buf); 370 return result; 371 } 372 373 #if defined(MS_WINDOWS) 374 static PyObject* 375 PyLocale_getdefaultlocale(PyObject* self) Python Software Foundation Python 2.5 Python Software Foundation Python 2.4 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1551-1)以及相应补丁: DSA-1551-1:New python2.4 packages fix several vulnerabilities 链接:<a href=http://www.debian.org/security/2008/dsa-1551 target=_blank>http://www.debian.org/security/2008/dsa-1551</a> 补丁下载: Source archives: <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.diff.gz</a> Size/MD5 checksum: 195434 8b86b3dc4c5a86a9ad8682fee56f30ca <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4.orig.tar.gz</a> Size/MD5 checksum: 9508940 f74ef9de91918f8927e75e8c3024263a <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1.dsc</a> Size/MD5 checksum: 1201 585773fd24634e05bb56b8cc85215c65 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-examples_2.4.4-3+etch1_all.deb</a> Size/MD5 checksum: 589642 63092c4cd1ea78c0993345be25a162b8 <a href=http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/idle-python2.4_2.4.4-3+etch1_all.deb</a> Size/MD5 checksum: 60864 21664a3f029087144046b6c175e88736 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 2968890 60a29f058a96e21d278a738fbb8067bf <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 1848176 ddb7c47970f277baa00e6c080e4530bd <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 5226532 5aa6daa859acdfdfcb7445586f4a0eb6 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_alpha.deb</a> Size/MD5 checksum: 963606 38c08ee31ae6189631e503ad3d76fa87 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 2967058 6f06a90e94a6068b126413111185aff5 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 1635936 d5f98666609c652224b5552f5bb6b7a9 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 966196 7436b29b52acd99872d79b595f489ace <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_amd64.deb</a> Size/MD5 checksum: 5587046 82444f4d11055f259d0899a0f8574b37 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_arm.deb</a> Size/MD5 checksum: 2881272 408ac2b8cd6180975109364b26ae1c95 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_arm.deb</a> Size/MD5 checksum: 901442 88d59caa6744da5c62a802124087d09c <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_arm.deb</a> Size/MD5 checksum: 1500512 3113ad3590f5969703ce426a23ca67dd <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_arm.deb</a> Size/MD5 checksum: 5351974 4f77de8e3dd9c12aa1e06a57cee82dac hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 3073066 1b4498c26a825c27c6d9765ed8a2e33e <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 5521834 68a5524fdb007cacc29a38865a43781d <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 1798220 6c9ce4754c024fbd1674a63c5ba0f06a <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_hppa.deb</a> Size/MD5 checksum: 1017646 b8dd6490a43da08aa36c43712c360ff8 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 2849512 2598cb802b7f5e1aac6404b801a0a7f0 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 1508782 b8ffe50ecf5dfe173765dc5b263b7737 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 5176966 f6892dc5e598f1811bfc32ea81a863d6 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_i386.deb</a> Size/MD5 checksum: 900670 7956a1cf96b4b59de2d9e4972e04fff2 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 3371938 88e170459b0762e1db775753f6d69bb5 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 2269496 2c1ef318f92b9d4b1c202ad77c8c4462 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 1289496 d6fba2d2ea64736cf614b0b3b1ced9bf <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_ia64.deb</a> Size/MD5 checksum: 6059106 e1008e68d3d775590b2a29bd7bec7b6c mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 2906992 e6e43c336e1095e3fe7f5985e500bf55 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 1725610 a9e2b6b11b1d9185885a9f99ed2d03b8 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 5646190 5c420d1aa984c190b121c8494c6fca5a <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mips.deb</a> Size/MD5 checksum: 956712 4949e953435f72cf9d06bb8684170175 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 1717120 30986065ecf6810f46294c8ca196b538 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 939320 89571b10c2635774f65921083344a911 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 5507492 a06d9728ef16072ee50b3a1fcf7d08a8 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_mipsel.deb</a> Size/MD5 checksum: 2863620 90b6a4b2c498acb4a46e205d36cf8ec9 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 1639780 4b7c83795b6d07c3a4050d5db977c577 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 5778968 7e97b8f62daf0f91e48bf6af20552b51 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 2956174 8e55e492ee8aa6e4787e77b161a245e5 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_powerpc.deb</a> Size/MD5 checksum: 978078 9212e583942704f71a07478baa4d6446 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-minimal_2.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 973904 3cc580a21934a7f5fac203235386e250 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4_2.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 2976776 efb7a2dc81b69a45ead47986d3b8fce5 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dev_2.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 1646932 146ee8341c514308b15ca151753b3ca8 <a href=http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb target=_blank>http://security.debian.org/pool/updates/main/p/python2.4/python2.4-dbg_2.4.4-3+etch1_s390.deb</a> Size/MD5 checksum: 5667818 9b4543d9a0e5f51e8d9b790f6c3b43c8 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2007:1077-01)以及相应补丁: RHSA-2007:1077-01:Moderate: python security update 链接:<a href=https://www.redhat.com/support/errata/RHSA-2007-1077.html target=_blank>https://www.redhat.com/support/errata/RHSA-2007-1077.html</a> Python Software Foundation -------------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://svn.python.org/view/python/branches/release25-maint/Modules/_localemodule.c?rev=54670&r1=51333&r2=54670 target=_blank>http://svn.python.org/view/python/branches/release25-maint/Modules/_localemodule.c?rev=54670&r1=51333&r2=54670</a> |
| id | SSV:3195 |
| last seen | 2017-11-19 |
| modified | 2008-04-23 |
| published | 2008-04-23 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-3195 |
| title | Python PyLocale_strxfrm函数远程信息泄露漏洞 |
Statements
| contributor | Joshua Bressers |
| lastmodified | 2007-04-19 |
| organization | Red Hat |
| statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416934
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093
- http://www.python.org/download/releases/2.5.1/NEWS.txt
- http://www.securityfocus.com/bid/23887
- http://secunia.com/advisories/25190
- http://secunia.com/advisories/25217
- https://issues.rpath.com/browse/RPL-1358
- http://secunia.com/advisories/25233
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:099
- http://www.redhat.com/support/errata/RHSA-2007-1076.html
- http://www.redhat.com/support/errata/RHSA-2007-1077.html
- http://www.novell.com/linux/security/advisories/2007_13_sr.html
- http://www.trustix.org/errata/2007/0019/
- http://secunia.com/advisories/25353
- http://secunia.com/advisories/25787
- http://secunia.com/advisories/28027
- http://secunia.com/advisories/28050
- http://lists.vmware.com/pipermail/security-announce/2008/000005.html
- http://secunia.com/advisories/29032
- http://www.ubuntu.com/usn/usn-585-1
- http://secunia.com/advisories/29303
- http://www.debian.org/security/2008/dsa-1551
- http://secunia.com/advisories/29889
- http://www.debian.org/security/2008/dsa-1620
- http://secunia.com/advisories/31255
- http://www.redhat.com/support/errata/RHSA-2008-0629.html
- http://secunia.com/advisories/31492
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/3316
- http://secunia.com/advisories/37471
- http://www.vupen.com/english/advisories/2007/1465
- http://www.vupen.com/english/advisories/2008/0637
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34060
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8353
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11716
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/archive/1/488457/100/0/threaded
- http://www.securityfocus.com/archive/1/469294/30/6450/threaded