CVE-2008-4864 - Integer Overflow or Wraparound vulnerability in Python
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow: This attack forces an integer variable to go out of range. The integer variable is often used as an offset, such as the size of a memory allocation or similar. The attacker would typically control the value of such a variable and try to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing a very incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Exploit-Db
description: Python 2.5.2 'Imageop' Module Argument Validation Buffer Overflow Vulnerability. CVE-2008-4864. Dos exploit for unix platform
id: EDB-ID:32534
last seen: 2016-02-03
modified: 2008-10-27
published: 2008-10-27
reporter: Chris Evans
source: https://www.exploit-db.com/download/32534/
title: Python <= 2.5.2 - 'Imageop' Module Argument Validation Buffer Overflow Vulnerability

description: Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow Vulnerability. CVE-2008-4864. Dos exploits for multiple platform
id: EDB-ID:10229
last seen: 2016-02-01
modified: 2009-11-24
published: 2009-11-24
reporter: Chris Evans
source: https://www.exploit-db.com/download/10229/
title: Python < 2.5.2 Imageop Module - 'imageop.crop' Buffer Overflow Vulnerability
Nessus
NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-806-1.NASL
description: It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864) Multiple integer overflows were discovered in Python
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40361
published: 2009-07-24
reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40361
title: Ubuntu 6.06 LTS / 8.04 LTS / 8.10 : python2.4, python2.5 vulnerabilities (USN-806-1)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_0_PYTHON-081201.NASL
description: Integer Overflows in the python imageop module potentially allowed attackers to execute arbitrary code (CVE-2008-4864).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40116
published: 2009-07-21
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/40116
title: openSUSE Security Update : python (python-360)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1176.NASL
description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40400
published: 2009-07-28
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40400
title: RHEL 5 : python (RHSA-2009:1176)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1178.NASL
description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40402
published: 2009-07-28
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40402
title: RHEL 3 : python (RHSA-2009:1178)

NASL family: SuSE Local Security Checks
NASL id: SUSE_PYTHON-5837.NASL
description: Integer Overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code. (CVE-2008-4864 / CVE-2008-5031)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41581
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41581
title: SuSE 10 Security Update : Python (ZYPP Patch Number 5837)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1178.NASL
description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40394
published: 2009-07-28
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40394
title: CentOS 3 : python (CESA-2009:1178)

NASL family: MacOS X Local Security Checks
NASL id: MACOSX_SECUPD2009-001.NASL
description: The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-001 applied. This security update contains fixes for the following products : - AFP Server - Apple Pixlet Video - CarbonCore - CFNetwork - Certificate Assistant - ClamAV - CoreText - CUPS - DS Tools - fetchmail - Folder Manager - FSEvents - Network Time - perl - Printing - python - Remote Apple Events - Safari RSS - servermgrd - SMB - SquirrelMail - X11 - XTerm
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35684
published: 2009-02-13
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35684
title: Mac OS X Multiple Vulnerabilities (Security Update 2009-001)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2009-1176.NASL
description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 43771
published: 2010-01-06
reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/43771
title: CentOS 5 : python (CESA-2009:1176)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090728_PYTHON_FOR_SL_3_0_X.NASL
description: When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60624
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60624
title: Scientific Linux Security Update : python for SL 3.0.x on i386/x86_64

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2009-003.NASL
description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. (CVE-2008-4864) Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, allow context-dependent attackers to have an unknown impact via a large integer value in the tabsize argument to the expandtabs method, as implemented by (1) the string_expandtabs function in Objects/stringobject.c and (2) the unicode_expandtabs function in Objects/unicodeobject.c. NOTE: this vulnerability reportedly exists because of an incomplete fix for CVE-2008-2315. (CVE-2008-5031) The updated Python packages have been patched to correct these issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 36693
published: 2009-04-23
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/36693
title: Mandriva Linux Security Advisory : python (MDVSA-2009:003)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-1176.NASL
description: From Red Hat Security Advisory 2009:1176 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67896
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67896
title: Oracle Linux 5 : python (ELSA-2009-1176)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090727_PYTHON_FOR_SL5_X.NASL
description: When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60622
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60622
title: Scientific Linux Security Update : python for SL5.x i386/x86_64

NASL family: SuSE Local Security Checks
NASL id: SUSE9_12316.NASL
description: Integer overflows in the python imageop module and in the expandtabs method potentially allowed attackers to execute arbitrary code. (CVE-2008-4864, CVE-2008-5031)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 41260
published: 2009-09-24
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/41260
title: SuSE9 Security Update : Python (YOU Patch Number 12316)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20090728_PYTHON_FOR_SL_4_X.NASL
description: When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 60625
published: 2012-08-01
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/60625
title: Scientific Linux Security Update : python for SL 4.x on i386/x86_64

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2009-1177.NASL
description: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 40401
published: 2009-07-28
reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/40401
title: RHEL 4 : python (RHSA-2009:1177)

NASL family: VMware ESX Local Security Checks
NASL id: VMWARE_VMSA-2009-0016.NASL
description: a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724. b. Update Apache Tomcat version Update for VirtualCenter and ESX patch update the Tomcat package to version 6.0.20 (vSphere 4.0) or version 5.5.28 (VirtualCenter 2.5) which addresses multiple security issues that existed in the previous version of Apache Tomcat. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.20 and Tomcat 5.5.28: CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, CVE-2009-0783. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.18: CVE-2008-1232, CVE-2008-1947, CVE-2008-2370. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in Apache Tomcat 6.0.16: CVE-2007-5333, CVE-2007-5342, CVE-2007-5461, CVE-2007-6286, CVE-2008-0002. c. Third-party library update for ntp. The Network Time Protocol (NTP) is used to synchronize a computer
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 42870
published: 2009-11-23
reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/42870
title: VMSA-2009-0016 : VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-1177.NASL
description: From Red Hat Security Advisory 2009:1177 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67897
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67897
title: Oracle Linux 4 : python (ELSA-2009-1177)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2009-1178.NASL
description: From Red Hat Security Advisory 2009:1178 : Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Python is an interpreted, interactive, object-oriented programming language. When the assert() system call was disabled, an input sanitization flaw was revealed in the Python string object implementation that led to a buffer overflow. The missing check for negative size values meant the Python memory allocator could allocate less memory than expected. This could result in arbitrary code execution with the Python interpreter
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 67898
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/67898
title: Oracle Linux 3 : python (ELSA-2009-1178)

NASL family: Misc.
NASL id: VMWARE_VMSA-2009-0016_REMOTE.NASL
description: The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in the following components : - Apache Geronimo - Apache Tomcat - Apache Xerces2 - cURL/libcURL - ISC BIND - Libxml2 - Linux kernel - Linux kernel 64-bit - Linux kernel Common Internet File System - Linux kernel eCryptfs - NTP - Python - Java Runtime Environment (JRE) - Java SE Development Kit (JDK) - Java SE Abstract Window Toolkit (AWT) - Java SE Plugin - Java SE Provider - Java SE Swing - Java SE Web Start
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89117
published: 2016-03-03
reporter: This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/89117
title: VMware ESX / ESXi Multiple Vulnerabilities (VMSA-2009-0016) (remote check)

NASL family: SuSE Local Security Checks
NASL id: SUSE_PYTHON-5848.NASL
description: Integer Overflows in the python imageop module potentially allowed attackers to execute arbitrary code (CVE-2008-4864).
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 35332
published: 2009-01-11
reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/35332
title: openSUSE 10 Security Update : python (python-5848)
Oval
accepted: 2013-04-29T04:07:54.291-04:00
class: vulnerability
contributors:
- name: Aharon Chernin, organization: SCAP.com, LLC
- name: Dragos Prisaca, organization: G2, Inc.
definition_extensions:
- comment: The operating system installed on the system is Red Hat Enterprise Linux 3, oval: oval:org.mitre.oval:def:11782
- comment: CentOS Linux 3.x, oval: oval:org.mitre.oval:def:16651
- comment: The operating system installed on the system is Red Hat Enterprise Linux 4, oval: oval:org.mitre.oval:def:11831
- comment: CentOS Linux 4.x, oval: oval:org.mitre.oval:def:16636
- comment: Oracle Linux 4.x, oval: oval:org.mitre.oval:def:15990
- comment: The operating system installed on the system is Red Hat Enterprise Linux 5, oval: oval:org.mitre.oval:def:11414
- comment: The operating system installed on the system is CentOS Linux 5.x, oval: oval:org.mitre.oval:def:15802
- comment: Oracle Linux 5.x, oval: oval:org.mitre.oval:def:15459
description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
family: unix
id: oval:org.mitre.oval:def:10702
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
version: 27

accepted: 2014-01-20T04:01:38.702-05:00
class: vulnerability
contributors:
- name: Pai Peng, organization: Hewlett-Packard
- name: Chris Coffin, organization: The MITRE Corporation
definition_extensions:
- comment: VMWare ESX Server 3.0.3 is installed, oval: oval:org.mitre.oval:def:6026
- comment: VMware ESX Server 3.5.0 is installed, oval: oval:org.mitre.oval:def:5887
- comment: VMware ESX Server 4.0 is installed, oval: oval:org.mitre.oval:def:6293
description: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
family: unix
id: oval:org.mitre.oval:def:8354
status: accepted
submitted: 2010-03-19T16:57:59.000-04:00
title: VMware python multiple integer overflows vulnerability in the imageop module
version: 7
Redhat
Seebug
bulletinFamily: exploit
description: No description provided by source.
id: SSV:18331
last seen: 2017-11-19
modified: 2009-11-24
published: 2009-11-24
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-18331
title: Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability

bulletinFamily: exploit
description: No description provided by source.
id: SSV:67092
last seen: 2017-11-19
modified: 2014-07-01
published: 2014-07-01
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-67092
title: Python < 2.5.2 Imageop Module - 'imageop.crop()' Buffer Overflow Vulnerability
References
- http://www.securityfocus.com/bid/31976
- http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c
- http://www.openwall.com/lists/oss-security/2008/10/29/3
- http://scary.beasts.org/security/CESA-2008-008.html
- http://svn.python.org/view?rev=66689&view=rev
- http://www.openwall.com/lists/oss-security/2008/10/27/2
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://secunia.com/advisories/33937
- http://www.securityfocus.com/bid/31932
- http://support.apple.com/kb/HT3438
- http://www.vupen.com/english/advisories/2009/3316
- http://secunia.com/advisories/37471
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46606
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702
- http://www.securityfocus.com/archive/1/507985/100/0/threaded